flask-appbuilder@4.3.3rc1 vulnerabilities

Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

latest version

4.4.1
latest non vulnerable version

4.4.1
first published

10 years ago
latest version published

2 months ago
licenses detected
- BSD-2-Clause
  [0,)
View flask-appbuilder package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the flask-appbuilder package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Improper Authentication Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Improper Authentication due to incorrect authentication handling when using the `AUTH_OID` auth type. An attacker can forge an HTTP request to deceive the backend into using any requested OpenID service, potentially granting unauthorized privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. Note: This is only exploitable when the application uses the old OpenID 2.0 authorization protocol, which is considered legacy and has been deprecated for over a decade. How to fix Improper Authentication? Upgrade `Flask-AppBuilder` to version 4.3.11 or higher.	[,4.3.11)

Improper Authentication

Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

Affected versions of this package are vulnerable to Improper Authentication due to incorrect authentication handling when using the AUTH_OID auth type. An attacker can forge an HTTP request to deceive the backend into using any requested OpenID service, potentially granting unauthorized privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend.

Note:

This is only exploitable when the application uses the old OpenID 2.0 authorization protocol, which is considered legacy and has been deprecated for over a decade.

How to fix Improper Authentication?

Upgrade Flask-AppBuilder to version 4.3.11 or higher.

[,4.3.11)

Go back to all versions of this package

flask-appbuilder@4.3.3rc1 vulnerabilities

Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities