
Possible URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder

Low
dpgaspar published GHSA-2ccw-7px8-vmpf Mar 24, 2022

Package

Flask-AppBuilder (pip)

Affected versions

<3.4.4

Patched versions

3.4.5

Description

Impact

An open redirect vulnerability exists when using the database authentication login page on versions below 3.4.5.

Patches

Upgrade to 3.4.5

Workarounds

It may be possible to implement internal security measures to prevent this vulnerability.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2022-24776

Weaknesses

URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. Learn more on MITRE.
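The weakness described above is normally closed by validating the redirect target before issuing the redirect. The following is an added example, not code from this advisory or from the Flask-AppBuilder 3.4.5 patch; the function names and `APP_URL` are hypothetical, and it assumes the application only ever needs to redirect to its own origin.

```python
from urllib.parse import urlsplit

APP_URL = "https://app.example.test/"   # constructed base URL of the application
ALLOWED_SCHEMES = {"http", "https"}


def is_safe_redirect_target(target, app_url=APP_URL):
    """True only for same-site paths or absolute URLs on the app's own origin."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers read "\" as "/" and drop tabs/newlines, so a value that looks
    # relative to this parser can still leave the site once a browser follows it.
    if "\\" in target or target != target.strip():
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
        base = urlsplit(app_url)
    except ValueError:              # malformed authority, e.g. unbalanced "["
        return False
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative: must match the app's scheme and host
        # exactly. Rejects "//host", "https:host", "javascript:..." and
        # "https://app@host/" (userinfo trick).
        return (parts.scheme in ALLOWED_SCHEMES
                and parts.scheme == base.scheme
                and parts.netloc == base.netloc)
    # Relative reference: "///host" parses with an empty netloc in urlsplit,
    # but browsers collapse the extra slashes and treat "host" as the authority.
    return not target.startswith("//")


def safe_redirect_target(target, app_url=APP_URL, fallback="/"):
    """Return target if it stays on the site, otherwise the fallback path."""
    return target if is_safe_redirect_target(target, app_url) else fallback
```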