Lucene search
GoogleOSV:PYSEC-2021-851HistoryDec 09, 2021 - 5:15 p.m.
PYSEC-2021-851
2021-12-0917:15:00
Google
osv.dev
10
0.002 Low
EPSS
Percentile
55.9%
Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. This only affects non database authentication types and new REST API endpoints. Users should upgrade to Flask-AppBuilder 3.3.4 to receive a patch.
Related
nvd
nvd
CVE-2021-41265
2021-12-09 17:15:07
cve
cve
CVE-2021-41265
2021-12-09 17:15:07
veracode
veracode
Authentication Bypass
2021-12-10 10:47:35
osv
osv
CVE-2021-41265
2021-12-09 17:15:07
Improper Authentication in Flask-AppBuilder
2021-12-09 19:09:07
cvelist
cvelist
CVE-2021-41265 Improper Authentication in Flask-AppBuilder
2021-12-09 16:40:11
debiancve
debiancve
CVE-2021-41265
2021-12-09 17:15:07
github
github
Improper Authentication in Flask-AppBuilder
2021-12-09 19:09:07
gitlab
gitlab
Improper Authentication
2021-12-09 00:00:00
prion
prion
Authentication flaw
2021-12-09 17:15:00