The vulnerability of the Flask software’s extension relates to insecure privilege management. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.

🗓️ 05 Oct 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Flask extension insecure privilege and pickle flaw enable remote data access and service failures.

Reporter	Title	Published	Views	Family All 27
GithubExploit	Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching	2 Dec 202500:47	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching	5 Nov 202118:11	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching	8 Oct 202417:27	–	githubexploit
FreeBSD	py-flask-caching -- remote code execution or local privilege escalation vulnerabilities	13 May 202100:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Vulnerability in Flask and Python affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33026, CVE-2022-0391)	12 Mar 202201:13	–	ibm
Circl	CVE-2021-33026	14 May 202108:23	–	circl
CNNVD	Pallets Project Flask 代码问题漏洞	13 May 202100:00	–	cnnvd
CVE	CVE-2021-33026	13 May 202122:51	–	cve
Cvelist	CVE-2021-33026	13 May 202122:51	–	cvelist
Debian CVE	CVE-2021-33026	13 May 202122:51	–	debiancve

Vulners

Node

thadeus_burgess,_peter_justin flask-cachingRange≤1.10.1

Source	Link
github	www.github.com/sh4nks/flask-caching/pull/209
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-33026
security-tracker	www.security-tracker.debian.org/tracker/CVE-2021-33026
web	www.web.nvd.nist.gov/view/vuln/detail

05 Oct 2021 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 27.5

CVSS 39.8

EPSS0.07288

Flask extension insecure privilege pickle serialization flaw remote data access service failures