A new Debian Linux update has been published: DLA 3545-1: flask-security security update
A flask-security security update has been released for Debian GNU/Linux 10 LTS to address an issue where it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path.Read more @ Linux Compatible