Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by measuring the server's response time while brute forcing login requests. This vulnerability is fixed in 4.5.3.
2025-03-03T16:15:41.820
2025-03-07T21:44:56.620
Analyzed
CVSSv3.1: 3.7 (LOW)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | dpgaspar | flask-appbuilder | < 4.5.3 | Yes |