Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
No Rate Limiting on Login AUTH DB
Vulnerability Description
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
Flask-AppBuilder 安全漏洞
Vulnerability Description
Flask-AppBuilder是一个简单快速的应用程序开发框架。 Flask-AppBuilder 4.3.0 之前版本存在安全漏洞,该漏洞源于该系统缺少速率限制,攻击者利用该漏洞可以暴力破解用户凭据。
CVSS Information
N/A
Vulnerability Type
N/A