URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder
CVE-2021-32805

6.1MEDIUM

Key Information:

Vendor: Dpgaspar
Status: Flask-appbuilder
Vendor: CVE Published:; 8 September 2021

What is CVE-2021-32805?

Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing ?next={next-site} where the next-site domain is different from the application you are protecting as a workaround.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Flask-AppBuilder < 3.3.2

References

https://github.com/dpgaspar/Flask-AppBuilder/security/adv...

x_refsource_CONFIRM

https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 8, 2021
Vulnerability Reserved
May 12, 2021

JSON

Dpgaspar