CVE-2022-24776

dpgaspar/Flask-AppBuilder

on GitHub

Published

Mar 24, 2022

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

5.8 MEDIUM

Description

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.

References

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
https://github.com/dpgaspar/Flask-AppBuilder/pull/1804
https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:flask-appbuilder_project:flask-appbuilder::::::::	n/a	3.4.5	*
cpe:2.3:a:dpgaspar:flask-appbuilder::::::::	n/a	3.4.5	*

External Links

NVD - CVE-2022-24776