CVE-2021-29621

Source
https://cve.org/CVERecord?id=CVE-2021-29621
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29621.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29621
Aliases
Published
2021-06-07T19:15:07.600Z
Modified
2026-07-08T06:28:36.159681395Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type
GIT
Repo
https://github.com/apache/airflow
Events
Database specific
{
    "cpe": "cpe:2.3:a:apache:airflow:1.10.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.10.0"
        },
        {
            "last_affected": "1.10.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

1.*
1.10.0
providers-amazon/9.*
providers-amazon/9.18.0
providers-amazon/9.18.0rc2
providers-celery/3.*
providers-celery/3.14.0
providers-celery/3.14.0rc2
providers-cncf-kubernetes/10.*
providers-cncf-kubernetes/10.11.0
providers-cncf-kubernetes/10.11.0rc2
providers-common-sql/1.*
providers-common-sql/1.30.0
providers-common-sql/1.30.0rc2
providers-docker/4.*
providers-docker/4.5.0
providers-docker/4.5.0rc2
providers-edge3/1.*
providers-edge3/1.6.0
providers-edge3/1.6.0rc2
providers-google/19.*
providers-google/19.1.0
providers-google/19.1.0rc2
providers-microsoft-azure/12.*
providers-microsoft-azure/12.9.0
providers-microsoft-azure/12.9.0rc2
providers-slack/9.*
providers-slack/9.6.0
providers-slack/9.6.0rc2
providers-ssh/4.*
providers-ssh/4.2.0
providers-ssh/4.2.0rc2
providers-standard/1.*
providers-standard/1.10.0
providers-standard/1.10.0rc2
Other
providers/2025-12-01

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29621.json"

Git / github.com/dpgaspar/flask-appbuilder

Affected ranges

Type
GIT
Repo
https://github.com/dpgaspar/flask-appbuilder
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:dpgaspar:flask-appbuilder:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.3"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

3.*
3.1.1
v1.*
v1.10.0
v1.11.0
v1.11.1
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.13.0
v1.8.1
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2.0
v2.2.1
v2.2.1rc1
v2.2.2
v2.2.3
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v3.*
v3.0.0
v3.0.1
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v3.2.2
v3.2.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29621.json"