CVE-2021-29621

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-29621

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29621.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-29621

Aliases

Related

GHSA-434h-p4gx-jm89

Published

2021-06-07T19:15:07.600Z

Modified

2026-03-13T22:00:22.297546Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.

References

Affected packages

Git / github.com/dpgaspar/flask-appbuilder

Affected ranges

Type

GIT

Repo

https://github.com/dpgaspar/flask-appbuilder

Events

Introduced

Last affected

0525e549ef7170f5623af4244f61991ad19bc215

Introduced

Last affected

84de562c3d54e507207305c214ebbf50dcbc743b

Fixed

780bd0e8fbf2d36ada52edb769477e0a4edae580

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.10.0"
        }
    ]
}

Affected versions

3.*

3.1.1

v1.*

v1.10.0

v1.11.0

v1.11.1

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.12.4

v1.12.5

v1.13.0

v1.8.1

v1.9.0

v1.9.1

v1.9.2

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.1.10

v2.1.11

v2.1.12

v2.1.13

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.2.0

v2.2.1

v2.2.1rc1

v2.2.2

v2.2.3

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.2.0

v3.2.1

v3.2.2

v3.2.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29621.json"