CVE-2022-24776: URL Redirection to Untrusted Site ('Open Redirect')

March 24, 2022 (updated April 5, 2022)

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.

References

github.com/advisories/GHSA-2ccw-7px8-vmpf
github.com/dpgaspar/Flask-AppBuilder/pull/1804
github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5
github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
nvd.nist.gov/vuln/detail/CVE-2022-24776

Detect and mitigate CVE-2022-24776 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →