CVE-2023-29005: Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
(updated )
Lack of rate limiting will allow an attacker to brute-force user credentials.
References
- flask-limiter.readthedocs.io/en/stable/configuration.html
- github.com/advisories/GHSA-9hcr-9hcv-x6pv
- github.com/dpgaspar/Flask-AppBuilder
- github.com/dpgaspar/Flask-AppBuilder/pull/1976
- github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.0
- github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
- nvd.nist.gov/vuln/detail/CVE-2023-29005
Code Behaviors & Features
Detect and mitigate CVE-2023-29005 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →