CVE-2021-29621

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29621

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29621.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-29621

Aliases

Related

GHSA-434h-p4gx-jm89

Published

2021-06-07T19:15:07Z

Modified

2025-11-17T06:00:43.779338Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type: GIT
Repo: https://github.com/apache/airflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Git / github.com/dpgaspar/flask-appbuilder

Affected ranges

Type: GIT
Repo: https://github.com/dpgaspar/flask-appbuilder
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

780bd0e8fbf2d36ada52edb769477e0a4edae580

Affected versions

3.*

3.1.1

v1.*

v1.10.0

v1.11.0

v1.11.1

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.12.4

v1.12.5

v1.13.0

v1.8.1

v1.9.0

v1.9.1

v1.9.2

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.1.10

v2.1.11

v2.1.12

v2.1.13

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.2.0

v2.2.1

v2.2.1rc1

v2.2.2

v2.2.3

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.2.0

v3.2.1

v3.2.2

v3.2.3