CVE-2023-46298

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN...

PT-2023-29944 · Next.Js · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 13.4.20-canary.13 Description: The issue is related to a lack of a cache-control header in Next.js, which can cause empty prefetch responses to be cached by a CDN. This can lead to a denial of service for all users...

flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions ar...

The vulnerability of the ABB eSOMS software for managing production processes allows a hacker to gain unauthorized access to protected information.

The vulnerability of the ABB eSOMS production process management software is related to errors in the Cache-Control and Pragma headers of HTTP responses. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions ar...

flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions ar...

AZL-44718 CVE-2023-30861 affecting package python-flask 1.1.1-4

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

DEBIAN-CVE-2023-30861

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

UBUNTU-CVE-2023-30861

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...

GHSA-M2QF-HXJV-5GPQ Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header

When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the...

Fedora 37 : xen (2023-da8315e641)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-da8315e641 advisory. 3 security issues 2180425 x86 shadow plus log-dirty mode use-after-free XSA-427, CVE-2022-42332 x86/HVM pinned cache attributes mis-handling XSA-428...

CVE-2022-42334

CVE-2022-42334 concerns the Xen hypervisor: a mis-handling in the HVM cache attributes interface used to override defaults for passed‑through devices. The root cause described across connected sources is unbounded control region creation and a lack of proper serialization for installation/removal...

SUSE CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

SUSE CVE-2014-1418

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the 1 Vary: Cookie or 2 Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers...

SUSE CVE-2014-2915

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service host or guest crash via unspecified vectors, related to 1 cache control, 2 coprocessors, 3 debug registers, and 4 other unspecified registers...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. PoC Run the following script in...

Interesting new filters on Spring Cloud Gateway 4.0

Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details new noteworthy and explains some of the new filters included, how they work and how you can use it to provide more insights into your...

HTTP Request Smuggling

apollo-server is vulnerable to HTTP request smuggling. The vulnerability exists because the library does not properly set the cache-control response header in the batched HTTP requests, allowing an attacker to smuggle HTTP requests...

GHSA-8R69-3CVP-WXC3 Batched HTTP requests may set incorrect `cache-control` response header

Impact In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...

Batched HTTP requests may set incorrect `cache-control` response header

Impact In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...