4 matches found
Security Bulletin:Flask Vary Cookie Header Vulnerability: Use of Cache Containing Sensitive Information Fixed in 3.1.3
Summary Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not t...
CVE-2026-27205 Flask session does not add `Vary: Cookie` header when accessed in some ways
Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
WordPress WP Image Mask plugin <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Image Mask versions = 3.1.2...
CVE-2021-4016
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. assetinfo.json or fileinfo.json, leading to a loss of...