Unknown · Flask-Appbuilder · CVE-2025-32962
Name of the Vulnerable Software and Affected Versions:
Flask-AppBuilder versions prior to 4.6.2
Description:
The issue allows an unauthenticated attacker to perform an open redirect by manipulating the Host header of an HTTP request. Flask-AppBuilder 4.6.2 introduced the `FAB_SAFE_REDIRECT_HOSTS` configuration variable, which lets administrators explicitly define which hosts are considered safe targets for redirection.
Recommendations:
For versions prior to 4.6.2, place a reverse proxy in front of the application and have it enforce the expected Host header (rejecting or normalizing requests whose Host value does not match) as a workaround.
Update to version 4.6.2 or later, which introduces the `FAB_SAFE_REDIRECT_HOSTS` configuration variable to define the hosts that are safe for redirection.
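The following is an added illustration, not code from Flask-AppBuilder or from the advisory. It contrasts the class of check the advisory describes (a redirect validator that derives its notion of "own host" from the request's Host header, which the client controls) with an allowlist check of the kind that a setting such as `FAB_SAFE_REDIRECT_HOSTS` enables. The allowlist contents, the function names and the assumption that the setting holds a list of hostnames are all constructed for this example.

```python
from urllib.parse import urlparse

# Constructed allowlist for this example; stands in for the kind of value an
# operator would configure (assumed: a list of hostnames, no scheme or port).
SAFE_REDIRECT_HOSTS = ["app.example.com", "admin.example.com"]


def host_only(netloc: str) -> str:
    """Reduce a URL netloc to a lower-cased hostname: drop userinfo and port,
    and unwrap IPv6 literals such as [::1]:8080."""
    host = netloc.rsplit("@", 1)[-1]
    if host.startswith("["):
        return host.split("]")[0][1:].lower()
    return host.split(":")[0].lower()


def is_safe_redirect_host_header(next_url: str, request_host: str) -> bool:
    """Weak pattern (the bug class in the advisory): an absolute URL is
    accepted when its host equals the request's Host header. Because the
    client supplies the Host header, the attacker can make both sides match
    and the check no longer constrains the redirect target."""
    target = urlparse(next_url)
    if not target.netloc:
        return True  # relative path, same origin by construction
    return host_only(target.netloc) == host_only(request_host)


def is_safe_redirect_allowlist(next_url: str, safe_hosts=SAFE_REDIRECT_HOSTS) -> bool:
    """Hardened pattern: absolute URLs must point at a host from a server-side
    allowlist; the Host header plays no role in the decision. Relative paths
    are allowed, except the forms browsers treat as scheme-relative."""
    target = urlparse(next_url)
    # Only http/https may be redirect targets (rejects javascript:, data:, ...).
    if target.scheme and target.scheme not in ("http", "https"):
        return False
    # A scheme without an authority part is malformed for our purposes.
    if target.scheme and not target.netloc:
        return False
    if not target.netloc:
        # "//host", "/\host" and "\host" are interpreted by browsers as
        # absolute URLs on another host, so they are not safe relative paths.
        return not next_url.startswith(("//", "/\\", "\\"))
    allowed = {h.lower() for h in safe_hosts}
    return host_only(target.netloc) in allowed


if __name__ == "__main__":
    # Constructed request: attacker sends Host: evil.example and a matching
    # next= parameter. The Host-header check passes; the allowlist does not.
    crafted_next = "http://evil.example/phish"
    print("host-header check:", is_safe_redirect_host_header(crafted_next, "evil.example"))
    print("allowlist check:  ", is_safe_redirect_allowlist(crafted_next))
```

The point of the hardened version is that the trusted set comes from configuration held on the server, so nothing in the request can widen it; when upgrading, the equivalent step is to populate `FAB_SAFE_REDIRECT_HOSTS` with the hostnames users are actually served from. The reverse-proxy workaround for older versions attacks the same root cause from outside: if the proxy only forwards requests whose Host header matches the deployment's real hostname, the application never sees an attacker-chosen value.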