PT-2024-21635 · Pypi · Flask-Appbuilder

Chor4O · Published 2024-02-28 · Updated 2025-04-01 · CVE-2024-27083

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions 4.1.4 through 4.2.0

Description: A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page, which could inject and execute malicious JavaScript code in the user's browser. The attack requires user interaction (following the link) but no authentication, which matches the vector above.

Recommendations: For Flask-AppBuilder versions 4.1.4 through 4.2.0, upgrade to version 4.2.1 or newer to resolve the issue. As a temporary workaround, consider restricting access to the OAuth login page until the upgrade is applied.
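The advisory describes a reflected XSS: attacker-controlled data from the login URL ends up in the page unescaped. The following added example, written for this page and not taken from Flask-AppBuilder, shows the bug class and its fix side by side. The query parameter name `next`, the page markup and the crafted URL are all assumptions for illustration; they are not the actual injection point in Flask-AppBuilder.

```python
"""Reflected XSS on a login page: a vulnerable renderer beside a hardened one.

Illustrative code, not Flask-AppBuilder's own templates or views. The
query parameter name ``next``, the markup and the crafted URL are assumed.
"""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed example of the kind of URL the advisory describes: the victim
# is lured into following a login-page link carrying attacker-controlled data.
CRAFTED_URL = (
    "https://app.example/login/?next="
    "%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E"
)


def query_param(url: str, name: str) -> str:
    """Return the first value of ``name`` from the URL's query string ('' if absent)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_login_vulnerable(next_url: str) -> str:
    """Vulnerable: untrusted input is interpolated into an HTML attribute unescaped.

    A value of '"><script>...</script>' closes the attribute and the tag and
    injects script that runs in the victim's browser.
    """
    return (
        '<a class="btn" href="/oauth-authorized?next=' + next_url + '">'
        "Sign in with OAuth</a>"
    )


def is_local_path(target: str) -> bool:
    """Accept only same-origin relative paths as a post-login redirect target.

    Rejects empty values, absolute URLs, scheme-relative URLs ('//evil') and
    non-printable characters. This also limits open-redirect abuse of the
    same parameter.
    """
    if not target or not target.startswith("/") or target.startswith("//"):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    return all(ch.isprintable() for ch in target)


def render_login_fixed(next_url: str) -> str:
    """Hardened: validate the redirect target, then HTML-escape it (quotes included).

    Escaping with quote=True is what a context-aware template engine does
    automatically; validation is defence in depth for the redirect itself.
    """
    safe_next = next_url if is_local_path(next_url) else "/"
    return (
        '<a class="btn" href="/oauth-authorized?next='
        + escape(safe_next, quote=True)
        + '">Sign in with OAuth</a>'
    )


def contains_script_tag(html: str) -> bool:
    """Crude check used here to show whether injected markup survived rendering."""
    return "<script" in html.lower()


if __name__ == "__main__":
    nxt = query_param(CRAFTED_URL, "next")
    print("vulnerable:", render_login_vulnerable(nxt))
    print("fixed:     ", render_login_fixed(nxt))
```

Note that the validation alone is not the XSS fix: a payload that starts with `/` passes `is_local_path`, and only the quote-aware escaping keeps it inert. In Jinja2 templates (which Flask-AppBuilder uses) autoescaping is on for `.html` files, so the usual way this class of bug appears is a `|safe` filter or a `Markup()` wrapper applied to request-derived data; auditing for those is the quickest check when reviewing a login template.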

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2024-27083
GHSA-FQXJ-46WG-9V84

Affected Products

Flask-Appbuilder