漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Vulnerability Description
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the `FAB_SAFE_REDIRECT_HOSTS` configuration variable, which allows administrators to explicitly define which domains are considered safe for redirection. As a workaround, use a reverse proxy to enforce trusted host headers.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Flask App Builder 输入验证错误漏洞
Vulnerability Description
Flask App Builder是Daniel Vaz Gaspar个人开发者的一个简单快速的应用程序开发框架。 Flask App Builder 4.6.2之前版本存在输入验证错误漏洞,该漏洞源于未验证主机标头,可能导致开放重定向。
CVSS Information
N/A
Vulnerability Type
N/A