DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-45314

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-45314

CGA ID

CGA-3fx6-xvfc-v75r

Severity

5.5

Medium

CVSS V3

Description

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for /login per the directions provided in the GitHub Security Advisory.

References

  • https://images.chainguard.dev/security/CGA-3fx6-xvfc-v75r

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images