
GHSA-fqxj-46wg-9v84

Published: Feb 28, 2024
Source: github
GitHub: Reviewed
CVSS3: 4.3

Description

Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

Impact

A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page. This URL could inject malicious JavaScript code that would then be executed in the user's browser.

Impacted versions: Flask-AppBuilder version 4.1.4 up to and including 4.2.0

Patches

This issue was introduced in 4.1.4 and patched in 4.2.1; users should upgrade to 4.2.1 or a newer version.

Packages

Name: Flask-AppBuilder
Ecosystem: pip
Affected versions: >= 4.1.4, < 4.2.1
Fixed version: 4.2.1

EPSS

Percentile: 70%
Score: 0.00629
Low

CVSS3: 4.3 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 4.3
ubuntu
almost 2 years ago

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

CVSS3: 4.3
nvd
almost 2 years ago

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

CVSS3: 4.3
debian
almost 2 years ago

Flask-AppBuilder is an application development framework, built on top ...