flask-appbuilder 4.3.11 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the flask-appbuilder package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Authentication Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Improper Authentication via the `reset my password` endpoint when configured with non-database authentication methods. An attacker can regain access to a disabled account and generate JWT tokens by exploiting the accessible password reset functionality. How to fix Improper Authentication? Upgrade `Flask-AppBuilder` to version 4.8.1 or higher.	[,4.8.1)
M Open Redirect Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Open Redirect through the manipulation of the `Host` header in HTTP requests. An attacker can redirect users to malicious websites by crafting malicious URLs that exploit this vulnerability. This is only exploitable if the server is configured to trust arbitrary host headers. How to fix Open Redirect? Upgrade `Flask-AppBuilder` to version 4.6.2 or higher.	[,4.6.2)
M Information Exposure Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Information Exposure due to observable response discrepancies. This vulnerability allows unauthenticated attackers to determine existing usernames by measuring server response times during login attempts. How to fix Information Exposure? Upgrade `Flask-AppBuilder` to version 4.5.3 or higher.	[,4.5.3)
M Information Exposure Through Browser Caching Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Information Exposure Through Browser Caching due to the default cache directives of the auth DB login form, allowing sensitive data to be stored locally by the browser. An attacker can access the sensitive data stored locally by exploiting shared computer environments. How to fix Information Exposure Through Browser Caching? Upgrade `Flask-AppBuilder` to version 4.5.1 or higher.	[,4.5.1)

Vulnerability

Vulnerable Version

Improper Authentication

Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

Affected versions of this package are vulnerable to Improper Authentication via the reset my password endpoint when configured with non-database authentication methods. An attacker can regain access to a disabled account and generate JWT tokens by exploiting the accessible password reset functionality.

How to fix Improper Authentication?

Upgrade Flask-AppBuilder to version 4.8.1 or higher.

[,4.8.1)

Open Redirect

Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

Affected versions of this package are vulnerable to Open Redirect through the manipulation of the Host header in HTTP requests. An attacker can redirect users to malicious websites by crafting malicious URLs that exploit this vulnerability. This is only exploitable if the server is configured to trust arbitrary host headers.

How to fix Open Redirect?

Upgrade Flask-AppBuilder to version 4.6.2 or higher.

[,4.6.2)

Information Exposure

Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

Affected versions of this package are vulnerable to Information Exposure due to observable response discrepancies. This vulnerability allows unauthenticated attackers to determine existing usernames by measuring server response times during login attempts.

How to fix Information Exposure?

Upgrade Flask-AppBuilder to version 4.5.3 or higher.

[,4.5.3)

Information Exposure Through Browser Caching

Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

Affected versions of this package are vulnerable to Information Exposure Through Browser Caching due to the default cache directives of the auth DB login form, allowing sensitive data to be stored locally by the browser. An attacker can access the sensitive data stored locally by exploiting shared computer environments.

How to fix Information Exposure Through Browser Caching?

Upgrade Flask-AppBuilder to version 4.5.1 or higher.

[,4.5.1)

flask-appbuilder@4.3.11 vulnerabilities

Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically