flask_appbuilder is vulnerable to open redirect. The library does not properly validate the `next` URL logic for OAuth, OID and DB in the database authentication login page, which allows an attacker to inject a malicious URL into the system.
CPE Name | Operator | Version |
---|---|---|
flask-appbuilder | le | 3.4.4 |
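
One way to validate a post-login `next` target before redirecting, shown as an added example; it is not flask_appbuilder's code or its fix. The function names and the `app.example.test` base URL are assumptions for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed value: the application's own base URL (assumption for this example).
APP_BASE = "https://app.example.test/"


def is_safe_next_url(target, base=APP_BASE):
    """Return True only if `target` resolves to the application's own origin."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines, so "/\host" or
    # "/<TAB>/host" can end up as the scheme-relative "//host". Reject any
    # backslash, whitespace or control character instead of normalising it.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    base_parts = urlsplit(base)
    # Resolve relative targets the way a browser would, then compare origins.
    resolved = urlsplit(urljoin(base, target))
    return (
        resolved.scheme in ("http", "https")
        and resolved.scheme == base_parts.scheme
        and resolved.netloc == base_parts.netloc
    )


def resolve_next(target, default="/", base=APP_BASE):
    """Return the requested redirect target if it is safe, else `default`."""
    return target if is_safe_next_url(target, base) else default


if __name__ == "__main__":
    # Constructed sample inputs covering same-origin and off-origin targets.
    for candidate in ["/users/list", "//evil.example/x", "/\\evil.example",
                      "https://app.example.test@evil.example/"]:
        print(repr(candidate), "->", resolve_next(candidate))
```

Comparing the full `netloc` rather than a hostname prefix or suffix is what rejects the userinfo form (`app.example.test@evil.example`) and look-alike subdomains.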