From Salvatore Bonaccorso@21:1/5 to All on Thu Feb 29 22:50:02 2024
Source: flask-appbuilder
Version: 4.1.4+ds-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for flask-appbuilder.

CVE-2024-27083[0]:
| Flask-AppBuilder is an application development framework, built on
| top of Flask. A Cross-Site Scripting (XSS) vulnerability has been
| discovered on the OAuth login page. An attacker could trick a user
| to follow a specially crafted URL to the OAuth login page. This URL
| could inject and execute malicious javascript code that would get
| executed on the user's browser. This issue was introduced on 4.1.4
| and patched on 4.2.1.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.