2 matches found
ROOT-APP-PYPI-CVE-2024-25128 CVE-2024-25128 in rootio-Flask-AppBuilder - Patched by Root
Root has patched CVE-2024-25128 in the rootio-Flask-AppBuilder package for Root:PyPI. Multiple fixed versions available...
CVE-2024-25128
Flask-AppBuilder (FAB) is affected when AUTH_TYPE is set to AUTH_OID. The vulnerability allows forging an HTTP request to trick the backend into using an attacker-controlled OpenID service, potentially granting unauthorized privilege access. The issue is exploitable with OpenID 2.0 and is mitigat...