CVE-2022-24776

NameCVE-2022-24776
DescriptionFlask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
flask-appbuilder (PTS)sid4.1.4+ds-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
flask-appbuildersource(unstable)(not affected)

Notes

- flask-appbuilder <not-affected> (Fixed before initial upload to archive)
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
https://github.com/dpgaspar/Flask-AppBuilder/pull/1804
Search for package or bug name: Reporting problems