Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 10/04/2023 Updated: 18/04/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Flask-AppBuilder versions prior to 4.3.0 lack rate limiting which can allow an malicious user to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.

Vulnerable Product	Search on Vulmon	Subscribe to Product
flask-appbuilder project flask-appbuilder

Debian Bug report logs - #1055181 flask-appbuilder: CVE-2023-29005 Package: src:flask-appbuilder; Maintainer for src:flask-appbuilder is Debian Python Team <team+python@trackerdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 1 Nov 2023 19:24:06 UTC Severity: important Tags: security, upstrea ...

CWE-307 https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv https://flask-limiter.readthedocs.io/en/stable/configuration.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055181 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-29005

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect