Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2024/02/28 6:37 p.m.3 views

airflow-clickhouse-plugin (>=0.9.0 <=0.10.1), airflow-provider-ibm-db2 (=0.1.2) +10 more potentially affected by CVE-2024-27083 via flask-appbuilder (=4.1.4)

flask-appbuilder PYPI version =4.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on flask-appbuilder and may be impacted: - airflow-clickhouse-plugin =0.9.0, =2.4.2, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.2.0, =0.2.1 Source cves:...

6.1CVSS6AI score0.00567EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/02/28 3:34 p.m.33 views

CVE-2024-27083

Removed by vendor...

6.1CVSS5.6AI score0.00567EPSS
Exploits0
CVE
CVE
added 2024/02/28 3:34 p.m.159 views

CVE-2024-27083

CVE-2024-27083 affects Flask-AppBuilder. An XSS on the OAuth login page was introduced in 4.1.4 and fixed in 4.2.1. Impact is on the OAuth login flow where crafted URLs can execute JavaScript in the user’s browser. Affected versions: 4.1.4 through 4.2.0; remediation: upgrade to 4.2.1 or newer. Ex...

6.1CVSS4.3AI score0.00567EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/28 3:34 p.m.41 views

CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

4.3CVSS4.7AI score0.00567EPSS
Exploits0References2
Rows per page
Query Builder