What is CVE-2022-24880?

CVE-2022-24880 is a medium-severity vulnerability in Tethik Flask-session-captcha, classified under CWE-253. CVSS score: 5.3/10. Published 2022-04-25.

How severe is CVE-2022-24880?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Tethik Flask-session-captcha

CVE-2022-24880

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e…

EPSS: 0.003 (48.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Tethik Flask-session-captcha — versions < 1.2.1

Weakness classification (CWE)

References

github.com/Tethik/flask-session-captcha/security/advisories/GHSA-7r87-cj48-wj45 (x_refsource_CONFIRM)
github.com/Tethik/flask-session-captcha/pull/27 (x_refsource_MISC)
github.com/Tethik/flask-session-captcha/commit/2811ae23a38d33b620fb7a07de8837c6… (x_refsource_MISC)
github.com/Tethik/flask-session-captcha/releases/tag/v1.2.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-24880?: CVE-2022-24880 is a medium-severity vulnerability in Tethik Flask-session-captcha, classified under CWE-253. CVSS score: 5.3/10. Published 2022-04-25.
How severe is CVE-2022-24880?: Medium severity. CVSS v3 base score is 5.3 out of 10.