Flask-appbuilder Security Vulnerabilities and Issues — Flask-appbuilder CVE List

Lucene search

DpgasparFlask-appbuilder

3 matches found

CVE•added 2024/09/04 4:15 p.m.•201 views

CVE-2024-45314

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If u...

5.5CVSS4.4AI score0.00013EPSS

CVE•added 2024/02/29 1:44 a.m.•141 views

CVE-2024-25128

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker una...

9.1CVSS9AI score0.00398EPSS

CVE•added 2024/02/29 1:44 a.m.•135 views

CVE-2024-27083

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malici...

6.1CVSS4.3AI score0.00629EPSS