CVE-2022-24776 – flask-appbuilder
Package
Manager: pip
Name: flask-appbuilder
Vulnerable Version: >=0 <3.4.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00329 (percentile 0.55158)
Details
Open Redirect in Flask-AppBuilder

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 3.4.5 contain an open redirect vulnerability when using the database authentication login page. There are no known workarounds. Users are recommended to upgrade to version 3.4.5 or later.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [Flask-AppBuilder](https://github.com/dpgaspar/Flask-AppBuilder)

Metadata
Created: 2022-03-25T19:27:39Z
Modified: 2022-04-07T00:09:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-2ccw-7px8-vmpf/GHSA-2ccw-7px8-vmpf.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-2ccw-7px8-vmpf
Finding: F156
Auto approve: 1