Flask-AppBuilder is vulnerable to information disclosure. HTTP responses expose information about hashed passwords, allowing attackers to infer partial password hashes through malicious query strings.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | flask-appbuilder | le | 4.1.3rc1 |
github.com/advisories/GHSA-32ff-4g79-vgfc
github.com/dpgaspar/Flask-AppBuilder/commit/449afe47b17298b57272762332f9c96ea6af0449
github.com/dpgaspar/Flask-AppBuilder/pull/1881
github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3
github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc