Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Authentication in Flask-AppBuilder
Vulnerability Description
Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. This only affects non database authentication types and new REST API endpoints. Users should upgrade to Flask-AppBuilder 3.3.4 to receive a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Flask-AppBuilder 授权问题漏洞
Vulnerability Description
Flask-AppBuilder是一个简单快速的应用程序开发框架。 Flask-AppBuilder 3.3.4 之前的版本存在授权问题漏洞,该漏洞允许恶意行为者通过精心设计的请求成功进行身份验证并获得对现有受保护 REST API 端点的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A