CVE-2021-29621

Published
View on NVD ↗
CVSS v3
5.3
MEDIUM
CVSS v2
5
MEDIUM
Affected
2
PROJECTS

Description

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.

dpgaspar/Flask-AppBuilder
dpgaspar/Flask-AppBuilder
Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Demo (login with guest/welcome) - http://flaskappbuilder.pythonanywhere.com/
GitHubGitHub
4.95K
flask-appbuilder
flask-appbuilder
Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.
Python Package IndexPython Package Index