Open Redirect

2022-03-2515:03:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

31.0%

JSON

flask_appbuilder is vulnerable to open redirect. The library doesn’t properly validate the next url logic for OAuth, OID and DB in the database authentication login page which allows an attacker to inject a malicious URL through to the system.

CPENameOperatorVersion
flask-appbuilderle3.4.4
flask-appbuilderle3.4.4

CPE	Name	Operator	Version
	flask-appbuilder	le	3.4.4
	flask-appbuilder	le	3.4.4

References

github.com/dpgaspar/Flask-AppBuilder/commit/8a18281002d55a50416cf98dad8d75c4c218dbb8

github.com/dpgaspar/Flask-AppBuilder/pull/1804

github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5

github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf

0.001 Low

EPSS

Percentile

31.0%

JSON

Related for VERACODE:34833