11 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in flask-3.1.2-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in flask-3.1.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205
Summary IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web...
OESA-2026-2135 python-flask security update
Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...
Security Bulletin: IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205.
Summary IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber...
Amazon Linux 2023 : python3-flask (ALAS2023-2026-1476)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1476 advisory. Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use o...
openSUSE Security Advisory (SUSE-SU-2026:0849-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
python311-Flask-3.1.3-1.1 on GA media (moderate)
python311-Flask-3.1.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10264-1 Rating: moderate Cross-References: CVE-2026-27205 CVSS scores: CVE-2026-27205 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2026-27205 SUSE : 6...
CVE-2026-27205 Flask session does not add `Vary: Cookie` header when accessed in some ways
Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
CVE-2026-27205 vulnerabilities
Vulnerabilities for packages: emissary, kubeflow-volumes-web-app, airflow, open-webui, mlflow, mitmproxy...
2m (=1.2.5), abcvlib (=0.0.7) +887 more potentially affected by CVE-2026-27205 via flask (>=3.0.0 <=3.1.2)
flask PYPI version =3.0.0, =1.0.0, =1.1.0, =1.0.2, =0.3.1, =4.11.0, =0.2.4.1, =1.3.0, =0.1.0, =0.1.1, =0.5.7, =0.1.0, =1.1.0, =1.2.3 and more Source cves: CVE-2026-27205 Source advisory: SNYK:PYTHON-FLASK-15322678...
2m (=1.2.5), a-api-server (=1.3.0) +3876 more potentially affected by CVE-2026-27205 via flask (>=0.10.1 <=3.1.2)
flask PYPI version =0.10.1, =0.1.0, =0.10.0, =1.0.2, =1.0.0, =1.0.5, =1.8.8, =1.0.2, =0.3.1, =0.3.7.dev2 and more Source cves: CVE-2026-27205 Source advisory: OSV:GHSA-68RP-WP8R-4726...