Safety vulnerability ID: 54971
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Flask-AppBuilder 4.3.0 includes a fix for CVE-2023-29005: Versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using 'AUTH_RATE_LIMITED = True', 'RATELIMIT_ENABLED = True', and setting an 'AUTH_RATE_LIMIT'.
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
Latest version: 4.4.1
Simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more.
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`. See CVE-2023-29005.
MISC:https://flask-limiter.readthedocs.io/en/stable/configuration.html: https://flask-limiter.readthedocs.io/en/stable/configuration.html
MISC:https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application