32 matches found
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.1
Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.1. Vulnerability Details: CVEID: CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring...
Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching
CVE-2021-3...
EUVD-2023-1558
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-33026
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. ...
CVE-2023-33175
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.user_vars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching
It is an offensive tool for web exploitation. This PoC exploit t...
FreeBSD : py-flask-caching -- remote code execution or local privilege escalation vulnerabilities (692a5fd5-bb25-4df4-8a0e-eb91581f2531)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 692a5fd5-bb25-4df4-8a0e-eb91581f2531 advisory. - DISPUTED The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, whi...
CVE-2023-33175
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.user_vars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
Hardcoded credentials
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.user_vars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
CVE-2023-33175
ToUI is affected by CVE-2023-33175 due to improper handling of the Website.user_vars attribute when using Flask-Caching (SimpleCache). The root cause is that user-specific variables are stored on the server-side cache, allowing exposure across users. Affected versions are 2.0.1 through 2.4.0; the...
CVE-2023-33175 ToUI allows user-specific variables to be shared between users
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.user_vars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
CVE-2023-33175 ToUI allows user-specific variables to be shared between users
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.user_vars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
CVE-2023-33175 ToUI allows user-specific variables to be shared between users
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use Website.user_vars property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1...
GHSA-HH7J-PG39-Q563 toui allows user-specific variables to be shared between users
Impact: Websites that use Website.user_vars property in versions. Patches: It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1. Workarounds: Do not use Website.user_vars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signinuser in version v2.4.0 only. Explanation...
SUSE CVE-2021-33026
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the...
Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching
CVE-2021-33026 Pickle Serialization Remote Code Execution - Me...
aeros (>=2.0.0a1 <=2.0.0b4), apache-airflow-zack (=1.10.15.9) +16 more potentially affected by CVE-2021-33026 via flask-caching (=1.10.1)
flask-caching PYPI version =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on flask-caching and may be impacted: - aeros =2.0.0a1, =2.1.1.3, =0.0.0a0, =2.0.0, =3.1.0, =1.2.31, =0.16.5, =0.4.0, =0.2.14, =2.3.7, =2.3.20 and more Source cves:...
Deserialization of Untrusted Data in Flask-Caching
Flask-Cache adds easy cache support to Flask. The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they...
GHSA-656C-6CXF-HVCV Deserialization of Untrusted Data in Flask-Caching
Flask-Cache adds easy cache support to Flask. The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they...
DEBIAN-CVE-2021-33026
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the...