Pypi · Flask-Session-Captcha · CVE-2022-24880
**Name of the Vulnerable Software and Affected Versions**
flask-session-captcha versions prior to 1.2.1
**Description**
The issue concerns the `captcha.validate()` function in flask-session-captcha, which returns `None` if passed no value, such as when submitting an empty form. Application code that explicitly checked whether the return value was `False` would not treat `None` as a failure, so the captcha verification check could be bypassed.
**Recommendations**
For versions prior to 1.2.1, update to version 1.2.1 to fix the issue.
As a temporary workaround, do not explicitly check that the return value of `captcha.validate()` is `False`. Instead, use truthiness checks such as `if not captcha.validate():` or `if captcha.validate():` to verify the captcha, so that a `None` result is treated the same as `False`.
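The difference between the two check styles, as an added example that is not code from flask-session-captcha or from this advisory. `validate_pre_fix()` is a hypothetical stand-in that models only the pre-1.2.1 behaviour described above (`None` when no value is submitted), and the handler names and sample captcha values are constructed for illustration.

```python
# Added illustration, not flask-session-captcha code. validate_pre_fix() is a
# hypothetical stand-in that models only the behaviour the advisory describes.

def validate_pre_fix(expected, submitted):
    """Return None when nothing was submitted, otherwise True or False."""
    if not submitted:          # missing field or empty form value
        return None
    return submitted == expected

def handler_explicit_false(expected, submitted):
    """Vulnerable pattern: reject only when the result is exactly False."""
    if validate_pre_fix(expected, submitted) == False:  # None == False is False
        return "rejected"
    return "accepted"

def handler_truthiness(expected, submitted):
    """Workaround pattern from the advisory: reject any falsy result."""
    if not validate_pre_fix(expected, submitted):       # None and False both falsy
        return "rejected"
    return "accepted"

def compare(expected="7412"):
    """Run constructed submissions through both handlers."""
    cases = {"empty": "", "missing": None, "wrong": "0000", "correct": expected}
    return {
        name: (handler_explicit_false(expected, value),
               handler_truthiness(expected, value))
        for name, value in cases.items()
    }

if __name__ == "__main__":
    for name, (explicit, truthy) in compare().items():
        print(f"{name:8} explicit-False check: {explicit:9} truthiness check: {truthy}")
```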