Use of Hard-coded Credentials
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the login/huggingface route, which retrieves the server's Hugging Face access token using the huggingfacehub.gettok...
Alibaba Cloud Linux 3 : 0008: python-flask (ALINUX3-SA-2024:0008)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0008 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-30861: Flask is a lightweight WSGI web...
Internet Bug Bounty: Possible Sensitive Session Information Leak in Active Storage
There was a possible sensitive session information leak in Active Storage. Active Storage incorrectly sent the user's session cookie along with a Cache-Control: public header when serving file blobs. This allowed certain caching proxies to cache the response, including the Set-Cookie header,...
AZL-44718 CVE-2023-30861 affecting package python-flask 1.1.1-4
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
CVE-2019-14912
The CVE-2019-14912 entry concerns PRiSE adAS 1.7.0, where the OPENSSO module fails to validate the goto parameter, causing an open redirect that leaks the user session cookie. Multiple sources (NVD, Red Hat, CVE lists) confirm the affected product and the underlying cause. Exploitation details an...