Information Exposure Affecting flask-appbuilder package, versions [,4.1.3)

Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-PYTHON-FLASKAPPBUILDER-2964179
published

31 Jul 2022
disclosed

29 Jul 2022
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 29 Jul 2022

New CVE-2022-31177 Open this link in a new tab CWE-200 Open this link in a new tab CWE-202 Open this link in a new tab

How to fix?

Upgrade Flask-AppBuilder to version 4.1.3 or higher.

Overview

Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.

Affected versions of this package are vulnerable to Information Exposure by revealing partial password hashes using crafted HTTP requests that filter users by the contents of their salted hashed password strings.

NOTE: This vulnerability is exploitable only when the AUTH_DB option is in use.

Information Exposure Affecting flask-appbuilder package, versions [,4.1.3)

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 29 Jul 2022

How to fix?

Overview

References