CVE-2026-27205
- EPSS 0.01%
- Published 21.02.2026 05:21:17
- Last modified 24.02.2026 21:59:52
Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header, resulting in a Use of Cache Containing Sensitive Information vulner...
CVE-2023-30861
- EPSS 0.19%
- Published 02.05.2023 18:15:52
- Last modified 21.11.2024 08:00:59
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-C...
CVE-2019-1010083
- EPSS 0.4%
- Published 17.07.2019 14:15:11
- Last modified 21.11.2024 04:17:57
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
CVE-2018-1000656
- EPSS 0.58%
- Published 20.08.2018 19:31:45
- Last modified 21.11.2024 03:40:20
The Pallets Project Flask before version 0.12.3 contains a CWE-20: Improper Input Validation vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via Attack...