<p>Upgrade <code>shiftboiler</code> to version 0.6.5 or higher.</p>

User Impersonation Affecting shiftboiler package, versions [,0.6.5)

Snyk CVSS

Attack Complexity High

Privileges Required High

User Interaction Required

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-SHIFTBOILER-72558
published 4 Nov 2018
disclosed 9 Oct 2018
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 9 Oct 2018

CWE-520 Open this link in a new tab

How to fix?

Upgrade shiftboiler to version 0.6.5 or higher.

Overview

shiftboiler is a setup of flask framework integrated with a number of libraries to quickly bootstrap app development.

Affected versions of this package are vulnerable to User Impersonation attack. If the google login did not return an id, a malicious user could takeover another user's account.

References

GitHub Commit
GitHub Issue