Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6f2e-66xz-t7cu

Summary

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.

1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets `session.permanent = True`
3. The application does not access or modify the session at any point during a request.
4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).
5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.

This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.

Aliases

alias	CVE-2023-30861

alias	GHSA-m2qf-hxjv-5gpq

alias	PYSEC-2023-62

Fixed_packages

url pkg:deb/debian/flask@1.1.2-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/flask@1.1.2-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@1.1.2-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/flask@1.1.2-2%2Bdeb11u1

purl pkg:deb/debian/flask@1.1.2-2%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@1.1.2-2%252Bdeb11u1

url pkg:deb/debian/flask@2.2.2-3?distro=trixie

purl pkg:deb/debian/flask@2.2.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@2.2.2-3%3Fdistro=trixie

url pkg:deb/debian/flask@3.1.1-1?distro=trixie

purl pkg:deb/debian/flask@3.1.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@3.1.1-1%3Fdistro=trixie

url pkg:deb/debian/flask@3.1.2-1?distro=trixie

purl pkg:deb/debian/flask@3.1.2-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@3.1.2-1%3Fdistro=trixie

url	pkg:deb/debian/flask@3.1.3-1?distro=trixie
purl	pkg:deb/debian/flask@3.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@3.1.3-1%3Fdistro=trixie

url pkg:pypi/flask@2.2.5

purl pkg:pypi/flask@2.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.5

url pkg:pypi/flask@2.3.2

purl pkg:pypi/flask@2.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.3.2

Affected_packages

url pkg:deb/debian/flask@0.6-1

purl pkg:deb/debian/flask@0.6-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@0.6-1

url pkg:deb/debian/flask@0.8-1

purl pkg:deb/debian/flask@0.8-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@0.8-1

url pkg:deb/debian/flask@0.10.1-2~bpo70%2B1

purl pkg:deb/debian/flask@0.10.1-2~bpo70%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@0.10.1-2~bpo70%252B1

url pkg:deb/debian/flask@0.10.1-2

purl pkg:deb/debian/flask@0.10.1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@0.10.1-2

url pkg:deb/debian/flask@0.12.1-1~bpo8%2B1

purl pkg:deb/debian/flask@0.12.1-1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@0.12.1-1~bpo8%252B1

url pkg:deb/debian/flask@0.12.1-1

purl pkg:deb/debian/flask@0.12.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@0.12.1-1

url pkg:deb/debian/flask@1.0.2-3

purl pkg:deb/debian/flask@1.0.2-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/flask@1.0.2-3

url pkg:pypi/flask@0.1

purl pkg:pypi/flask@0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.1

url pkg:pypi/flask@0.2

purl pkg:pypi/flask@0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.2

url pkg:pypi/flask@0.3

purl pkg:pypi/flask@0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.3

url pkg:pypi/flask@0.3.1

purl pkg:pypi/flask@0.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.3.1

url pkg:pypi/flask@0.4

purl pkg:pypi/flask@0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.4

url pkg:pypi/flask@0.5

purl pkg:pypi/flask@0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.5

url pkg:pypi/flask@0.5.1

purl pkg:pypi/flask@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.5.1

url pkg:pypi/flask@0.5.2

purl pkg:pypi/flask@0.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.5.2

url pkg:pypi/flask@0.6

purl pkg:pypi/flask@0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-tg74-5nzy-33e5

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.6

url pkg:pypi/flask@0.6.1

purl pkg:pypi/flask@0.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.6.1

url pkg:pypi/flask@0.7

purl pkg:pypi/flask@0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.7

url pkg:pypi/flask@0.7.1

purl pkg:pypi/flask@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.7.1

url pkg:pypi/flask@0.7.2

purl pkg:pypi/flask@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.7.2

url pkg:pypi/flask@0.8

purl pkg:pypi/flask@0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.8

url pkg:pypi/flask@0.8.1

purl pkg:pypi/flask@0.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.8.1

url pkg:pypi/flask@0.9

purl pkg:pypi/flask@0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.9

url pkg:pypi/flask@0.10

purl pkg:pypi/flask@0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.10

url pkg:pypi/flask@0.10.1

purl pkg:pypi/flask@0.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.10.1

url pkg:pypi/flask@0.11

purl pkg:pypi/flask@0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.11

url pkg:pypi/flask@0.11.1

purl pkg:pypi/flask@0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.11.1

url pkg:pypi/flask@0.12

purl pkg:pypi/flask@0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12

url pkg:pypi/flask@0.12.1

purl pkg:pypi/flask@0.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.1

url pkg:pypi/flask@0.12.2

purl pkg:pypi/flask@0.12.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

vulnerability	VCID-y5ke-uj7u-rydk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.2

url pkg:pypi/flask@0.12.3

purl pkg:pypi/flask@0.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.3

url pkg:pypi/flask@0.12.4

purl pkg:pypi/flask@0.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.4

url pkg:pypi/flask@0.12.5

purl pkg:pypi/flask@0.12.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-bmjp-tau8-bugq

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.5

url pkg:pypi/flask@1.0

purl pkg:pypi/flask@1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0

url pkg:pypi/flask@1.0.1

purl pkg:pypi/flask@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0.1

url pkg:pypi/flask@1.0.2

purl pkg:pypi/flask@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0.2

url pkg:pypi/flask@1.0.3

purl pkg:pypi/flask@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0.3

url pkg:pypi/flask@1.0.4

purl pkg:pypi/flask@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0.4

url pkg:pypi/flask@1.1.0

purl pkg:pypi/flask@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.0

url pkg:pypi/flask@1.1.1

purl pkg:pypi/flask@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.1

url pkg:pypi/flask@1.1.2

purl pkg:pypi/flask@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.2

url pkg:pypi/flask@1.1.3

purl pkg:pypi/flask@1.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.3

url pkg:pypi/flask@1.1.4

purl pkg:pypi/flask@1.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.4

url pkg:pypi/flask@2.0.0rc1

purl pkg:pypi/flask@2.0.0rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.0rc1

url pkg:pypi/flask@2.0.0rc2

purl pkg:pypi/flask@2.0.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.0rc2

url pkg:pypi/flask@2.0.0

purl pkg:pypi/flask@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.0

url pkg:pypi/flask@2.0.1

purl pkg:pypi/flask@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.1

url pkg:pypi/flask@2.0.2

purl pkg:pypi/flask@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.2

url pkg:pypi/flask@2.0.3

purl pkg:pypi/flask@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.3

url pkg:pypi/flask@2.1.0

purl pkg:pypi/flask@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.1.0

url pkg:pypi/flask@2.1.1

purl pkg:pypi/flask@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.1.1

url pkg:pypi/flask@2.1.2

purl pkg:pypi/flask@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.1.2

url pkg:pypi/flask@2.1.3

purl pkg:pypi/flask@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.1.3

url pkg:pypi/flask@2.2.0

purl pkg:pypi/flask@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.0

url pkg:pypi/flask@2.2.1

purl pkg:pypi/flask@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.1

url pkg:pypi/flask@2.2.2

purl pkg:pypi/flask@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.2

url pkg:pypi/flask@2.2.3

purl pkg:pypi/flask@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.3

url pkg:pypi/flask@2.2.4

purl pkg:pypi/flask@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.4

url pkg:pypi/flask@2.3.0

purl pkg:pypi/flask@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.3.0

url pkg:pypi/flask@2.3.1

purl pkg:pypi/flask@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-rx8q-6dwq-a3hs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.3.1

url pkg:rpm/redhat/python-flask@1:0.10.1-7?arch=el7_9

purl pkg:rpm/redhat/python-flask@1:0.10.1-7?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-flask@1:0.10.1-7%3Farch=el7_9

url pkg:rpm/redhat/python-flask@1:1.0.2-8?arch=el8ost

purl pkg:rpm/redhat/python-flask@1:1.0.2-8?arch=el8ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-flask@1:1.0.2-8%3Farch=el8ost

url pkg:rpm/redhat/python-flask@1:1.1.2-6?arch=el8

purl pkg:rpm/redhat/python-flask@1:1.1.2-6?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-flask@1:1.1.2-6%3Farch=el8

url pkg:rpm/redhat/python-flask@1:1.1.2-6?arch=el9ost

purl pkg:rpm/redhat/python-flask@1:1.1.2-6?arch=el9ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-flask@1:1.1.2-6%3Farch=el9ost

url pkg:rpm/redhat/python-flask@1:2.0.1-3?arch=el9

purl pkg:rpm/redhat/python-flask@1:2.0.1-3?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-flask@1:2.0.1-3%3Farch=el9

url pkg:rpm/redhat/python-flask@2:2.0.1-4.el9?arch=2

purl pkg:rpm/redhat/python-flask@2:2.0.1-4.el9?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6f2e-66xz-t7cu

vulnerability	VCID-evjj-hwvm-fbca

vulnerability	VCID-yr11-kwf1-pqfz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-flask@2:2.0.1-4.el9%3Farch=2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30861.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30861.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-30861

reference_id

reference_type

scores

value	0.00192
scoring_system	epss
scoring_elements	0.40934
published_at	2026-04-24T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41029
published_at	2026-04-21T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41104
published_at	2026-04-18T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41133
published_at	2026-04-16T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.4109
published_at	2026-04-13T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.4114
published_at	2026-04-11T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.4112
published_at	2026-04-09T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41113
published_at	2026-04-08T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41064
published_at	2026-04-07T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41138
published_at	2026-04-04T12:55:00Z

value	0.00192
scoring_system	epss
scoring_elements	0.41106
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-30861

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30861
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30861

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/flask

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/flask

reference_url

https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:21Z/

url

https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b

reference_url

https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:21Z/

url

https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965

reference_url

https://github.com/pallets/flask/releases/tag/2.2.5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:21Z/

url

https://github.com/pallets/flask/releases/tag/2.2.5

reference_url

https://github.com/pallets/flask/releases/tag/2.3.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:21Z/

url

https://github.com/pallets/flask/releases/tag/2.3.2

reference_url

https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:21Z/

url

https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:21Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html

reference_url

https://security.netapp.com/advisory/ntap-20230818-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230818-0006

reference_url

https://www.debian.org/security/2023/dsa-5442

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:21Z/

url

https://www.debian.org/security/2023/dsa-5442

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035670
reference_id	1035670
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035670

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196643
reference_id	2196643
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196643

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-30861

reference_id

CVE-2023-30861

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-30861

reference_url

https://github.com/advisories/GHSA-m2qf-hxjv-5gpq

reference_id

GHSA-m2qf-hxjv-5gpq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m2qf-hxjv-5gpq

reference_url

https://security.netapp.com/advisory/ntap-20230818-0006/

reference_id

ntap-20230818-0006

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:21Z/

url

https://security.netapp.com/advisory/ntap-20230818-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:3440
reference_id	RHSA-2023:3440
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3440

reference_url	https://access.redhat.com/errata/RHSA-2023:3444
reference_id	RHSA-2023:3444
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3444

reference_url	https://access.redhat.com/errata/RHSA-2023:3446
reference_id	RHSA-2023:3446
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3446

reference_url	https://access.redhat.com/errata/RHSA-2023:3525
reference_id	RHSA-2023:3525
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3525

reference_url	https://access.redhat.com/errata/RHSA-2023:3536
reference_id	RHSA-2023:3536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3536

reference_url	https://access.redhat.com/errata/RHSA-2023:3541
reference_id	RHSA-2023:3541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3541

reference_url	https://access.redhat.com/errata/RHSA-2023:3545
reference_id	RHSA-2023:3545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3545

reference_url	https://access.redhat.com/errata/RHSA-2023:7341
reference_id	RHSA-2023:7341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7341

reference_url	https://usn.ubuntu.com/6111-1/
reference_id	USN-6111-1
reference_type
scores
url	https://usn.ubuntu.com/6111-1/

Weaknesses

cwe_id	539
name	Use of Persistent Cookies Containing Sensitive Information
description	The web application uses persistent cookies, but the cookies contain sensitive information.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	488
name	Exposure of Data Element to Wrong Session
description	The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6f2e-66xz-t7cu

Vulnerability Instance