flask-appbuilder@0.7.2 vulnerabilities
Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.
-
latest version
4.5.2
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the flask-appbuilder package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Information Exposure Through Browser Caching due to the default cache directives of the auth DB login form, allowing sensitive data to be stored locally by the browser. An attacker can access the sensitive data stored locally by exploiting shared computer environments. How to fix Information Exposure Through Browser Caching? Upgrade |
[,4.5.1)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Improper Authentication due to incorrect authentication handling when using the Note: This is only exploitable when the application uses the old OpenID 2.0 authorization protocol, which is considered legacy and has been deprecated for over a decade. How to fix Improper Authentication? Upgrade |
[,4.3.11)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Information Exposure such that an authenticated malicious actor with Admin privileges, can edit User forms and trigger a database error. On certain database engines, this error can include the entire user row including the How to fix Information Exposure? Upgrade |
[,4.3.2)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Brute Force due to the lack of rate limiting which will allow an attacker to obtain user credentials. How to fix Brute Force? Upgrade |
[,4.3.0)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Information Exposure by revealing partial password hashes using crafted HTTP requests that filter users by the contents of their salted hashed password strings. NOTE:
This vulnerability is exploitable only when the How to fix Information Exposure? Upgrade |
[,4.1.3)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Open Redirect via the usage of the database authentication login page. How to fix Open Redirect? Upgrade |
[,3.4.5)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Timing Attack which allows for a non-authenticated user to enumerate existing accounts by timing the response time from the server when logging in. How to fix Timing Attack? Upgrade |
[,3.4.4)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Access Restriction Bypass due to improper authentication on the REST API. This allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non-database authentication types, and new REST API endpoints. How to fix Access Restriction Bypass? Upgrade |
[,3.3.4)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Insecure Permissions due to missing mapping validation of permissions. How to fix Insecure Permissions? Upgrade |
[,2.1.4)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Open Redirect. If using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder and redirect a user to a malicious site. How to fix Open Redirect? Upgrade |
[,3.3.2)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Access Restriction Bypass. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. How to fix Access Restriction Bypass? Upgrade |
[,3.3.0)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Incorrect Default Permissions. No permissions were required by default in pvm, perm and vm mvc How to fix Incorrect Default Permissions? Upgrade |
[,2.2.3)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Information Exposure. Attackers were able to masquerade as an authenticated user through OAuth providers. The fix changes the ID that is used to link a google login to an account to an immutable user ID that is provided by google. The previous implementation used the display name, which could easily be changed at any point and used to log in to a different account by an attacker. How to fix Information Exposure? Upgrade |
[,1.9.0)
|
Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to SQL Injection in order by clauses. How to fix SQL Injection? Upgrade |
[,1.9.3)
|