55 matches found
CVE-2025-48947
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Overview In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Am I Affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK,...
GHSA-F3FG-MF2Q-FJ3F NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Overview In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Am I Affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK,...
CVE-2025-48947
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
CVE-2025-48947 NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
PT-2025-23857 · Auth0 · Auth0 Next.Js Sdk
Name of the Vulnerable Software and Affected Versions: Auth0 Next.js SDK versions 4.0.1 through 4.6.0 Description: The issue concerns the caching of session cookies set by auth0.middleware in CDN environments due to missing Cache-Control headers. Three preconditions must be met for the...
Internet Bug Bounty: Possible Sensitive Session Information Leak in Active Storage
There was a possible sensitive session information leak in Active Storage. Active Storage incorrectly sent the user's session cookie along with a Cache-Control: public header when serving files blobs. This allowed certain caching proxies to cache the response, including the Set-Cookie header,...
Take control of Cache-Control and local caching
TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directiveprevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to speci...
Sensitive Information Disclosure
apache-airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the absence of a "Cache-Control" header in the response headers for dynamic content, which could lead to the unintended caching of sensitive information in the local cache of web browsers...
GHSA-9XPJ-62MM-24H2 Apache Airflow does not return the "Cache-Control" header for dynamic content
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...
PYSEC-2024-195
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...
Apache Airflow Security Vulnerability
Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache USA Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 2.9.2 that stems from Airflow not...
OESA-2023-1936 python-flask security update
Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...
GHSA-C59H-R6P8-Q9WC Next.js missing cache-control header may lead to CDN caching empty reply
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets...
Next.js missing cache-control header may lead to CDN caching empty reply
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets...
PT-2023-29944 · Next.Js · Next.Js
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 13.4.20-canary.13 Description: The issue is related to a lack of a cache-control header in Next.js, which can cause empty prefetch responses to be cached by a CDN. This can lead to a denial of service for all users...
flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header
A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions ar...
flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header
A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions ar...
DEBIAN-CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
UBUNTU-CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...