Описание
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FAB_SAFE_REDIRECT_HOSTS configuration variable, which allows administrators to explicitly define which domains are considered safe for redirection. As a workaround, use a reverse proxy to enforce trusted host headers.
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.2 (исключая)
cpe:2.3:a:dpgaspar:flask-appbuilder:*:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00049
Низкий
4.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-601
Связанные уязвимости
CVSS3: 4.3
debian
9 месяцев назад
Flask-AppBuilder is an application development framework built on top ...
CVSS3: 4.3
github
9 месяцев назад
Flask-AppBuilder open redirect vulnerability using HTTP host injection
EPSS
Процентиль: 15%
0.00049
Низкий
4.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-601