4 matches found
airflow-clickhouse-plugin (>=0.9.0 <=0.10.1), airflow-provider-ibm-db2 (=0.1.2) +10 more potentially affected by CVE-2024-27083 via flask-appbuilder (=4.1.4)
flask-appbuilder PYPI version =4.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on flask-appbuilder and may be impacted: - airflow-clickhouse-plugin =0.9.0, =2.4.2, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.2.0, =0.2.1 Source cves:...
CVE-2024-27083
Removed by vendor...
CVE-2024-27083
CVE-2024-27083 affects Flask-AppBuilder. An XSS on the OAuth login page was introduced in 4.1.4 and fixed in 4.2.1. Impact is on the OAuth login flow where crafted URLs can execute JavaScript in the user’s browser. Affected versions: 4.1.4 through 4.2.0; remediation: upgrade to 4.2.1 or newer. Ex...
CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...