Flask and Django require a securely signed key for signing the session cookies. Most of the time, developers rely on loading hardcoded secret keys from a config file or Python code. This proves that using hardcoded secrets can cause problems when you forget to change the constant secret keys.
I used taint tracking from constants, or nodes that provide a default constant, to the initialization of the Flask and Django SECRET_KEY value/field.
I did some sanitizations to reduce the FP rate as much as possible.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Yes
No
Blog post link
Definitely, I will publish a blog post soon!
Query PR
github/codeql#13561
Language
Python
CVE(s) ID list
CWE
CWE-287: Improper Authentication
Report
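The flow described in the report (a constant, or a call that supplies a constant default, reaching a Flask or Django `SECRET_KEY` initialization) can be illustrated with a small AST check. This is an added example, not the CodeQL query from the PR and not the submitter's code; it is a simplified, single-file stand-in, the function names are hypothetical, and the sample module is constructed.

```python
import ast  # requires Python 3.9+ (ast.unparse, plain Subscript.slice)

# Constructed sample input; it is only parsed, never executed.
SAMPLE = '''\
DEFAULT = "dev-key-change-me"
app.secret_key = "s3cr3t"
app.config["SECRET_KEY"] = DEFAULT
SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY", "insecure-default")
app.config["SECRET_KEY"] = os.environ["FLASK_SECRET_KEY"]
'''
ENV_GETTERS = {"os.environ.get", "os.getenv"}

def constant_source(node, tainted):
    """Describe why `node` is a hardcoded string, or return None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return "string literal"
    if isinstance(node, ast.Name):
        return tainted.get(node.id)
    if isinstance(node, ast.Call) and len(node.args) == 2:
        getter = ast.unparse(node.func)
        if getter in ENV_GETTERS and constant_source(node.args[1], tainted):
            return f"constant default passed to {getter}"
    return None

def is_secret_key_sink(target):
    """Match SECRET_KEY = ..., x.secret_key = ..., x.config["SECRET_KEY"] = ..."""
    if isinstance(target, ast.Name):
        return target.id == "SECRET_KEY"
    if isinstance(target, ast.Attribute):
        return target.attr in ("secret_key", "SECRET_KEY")
    if isinstance(target, ast.Subscript):
        key = target.slice
        return isinstance(key, ast.Constant) and key.value == "SECRET_KEY"
    return False

def find_hardcoded_secret_keys(source):
    """Return [(lineno, reason)] for constants that reach a SECRET_KEY sink."""
    tainted, findings = {}, []
    assigns = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Assign)]
    for stmt in sorted(assigns, key=lambda n: n.lineno):
        reason = constant_source(stmt.value, tainted)
        for target in stmt.targets:
            if is_secret_key_sink(target):
                if reason:
                    findings.append((stmt.lineno, reason))
            elif isinstance(target, ast.Name):
                # Propagate (or clear) taint through simple variable assignment.
                tainted[target.id] = reason and f"constant via variable {target.id}"
    return findings
```

On the sample, lines 2 to 4 are reported, while line 5, which reads the key from the environment with no fallback, is not.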