Source: flask-appbuilder
Version: 4.1.4+ds-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,

The following vulnerability was published for flask-appbuilder.

CVE-2024-27083[0]:
| Flask-AppBuilder is an application development framework, built on
| top of Flask. A Cross-Site Scripting (XSS) vulnerability has been
| discovered on the OAuth login page. An attacker could trick a user
| to follow a specially crafted URL to the OAuth login page. This URL
| could inject and execute malicious javascript code that would get
| executed on the user's browser. This issue was introduced on 4.1.4
| and patched on 4.2.1.

If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27083
    https://www.cve.org/CVERecord?id=CVE-2024-27083
[1] https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fqxj-46wg-9v84
[2] https://github.com/dpgaspar/Flask-AppBuilder/commit/3d17741886e4b3c384d0570de69689e4117aa812

Regards,
Salvatore
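The CVE text above describes the class of bug (a value taken from a crafted URL is reflected unescaped into the login page) without naming the parameter or the template involved. The following is an added, stand-alone illustration of that class written for this page; it is not Flask-AppBuilder's code and does not reproduce the upstream fix in [2]. The parameter name `next`, the page markup, the hostname and the payload are all constructed assumptions. It uses only the Python standard library so it runs without Flask installed, and contrasts verbatim interpolation with `html.escape`, which is the same transformation Jinja2 autoescaping applies in Flask templates.

```python
"""Reflected XSS via a crafted URL to a login page: vulnerable vs. hardened rendering.

Added example, not Flask-AppBuilder code. The 'next' parameter, the form
markup and the payload are assumptions for illustration only; the report
above does not say which parameter or template CVE-2024-27083 involved.
"""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed "specially crafted URL" an attacker would get a victim to follow.
# The query value decodes to:  "><script>alert(document.cookie)</script>
CRAFTED_URL = (
    "https://app.example/login/oauth"
    "?next=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E"
)


def query_param(url: str, name: str) -> str:
    """Return the first (percent-decoded) value of a query parameter, or '' if absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get(name, [""])[0]


def render_login_vulnerable(next_url: str) -> str:
    """Interpolate the attacker-controlled value verbatim into an HTML attribute.

    A double quote in the value closes the attribute, '>' closes the tag, and
    the rest of the payload is parsed as markup: reflected XSS.
    """
    return (
        '<form method="post" action="/login/oauth">'
        f'<input type="hidden" name="next" value="{next_url}">'
        "<button>Sign in with OAuth</button>"
        "</form>"
    )


def render_login_hardened(next_url: str) -> str:
    """Escape &, <, >, " and ' before interpolating (quote=True is the default).

    Because the value lands inside a quoted attribute, escaping the quote
    characters matters as much as escaping '<' and '>'. This is what Jinja2
    autoescaping does automatically in Flask templates unless a value is
    marked safe or autoescaping is disabled.
    """
    return (
        '<form method="post" action="/login/oauth">'
        f'<input type="hidden" name="next" value="{escape(next_url, quote=True)}">'
        "<button>Sign in with OAuth</button>"
        "</form>"
    )


def reflects_unescaped(page: str, payload: str) -> bool:
    """Crude reflected-XSS check: the raw payload, with its < > and ", appears in the page."""
    return payload in page


if __name__ == "__main__":
    payload = query_param(CRAFTED_URL, "next")
    for label, render in (("vulnerable", render_login_vulnerable),
                          ("hardened", render_login_hardened)):
        page = render(payload)
        print(f"{label}: reflected unescaped = {reflects_unescaped(page, payload)}")
        print("   ", page)
```

`reflects_unescaped` is the kind of check to put in a test suite for any page that echoes a URL parameter: request the page with a marker payload containing `"`, `<` and `>`, and fail if the marker comes back byte-for-byte. For the real package, the authoritative check is the version range the advisory gives (4.1.4 up to but not including 4.2.1) and the upstream commit in [2].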