{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36433?format=json","vulnerability_id":"VCID-nsmh-gqz9-tkat","summary":"Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.\n\n1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\n2. The application sets `session.permanent = True`\n3. The application does not access or modify the session at any point during a request.\n4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).\n5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\n\nThis happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.","aliases":[{"alias":"CVE-2023-30861"},{"alias":"GHSA-m2qf-hxjv-5gpq"},{"alias":"PYSEC-2023-62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33529?format=json","purl":"pkg:pypi/flask@2.2.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/33530?format=json","purl":"pkg:pypi/flask@2.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.3.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11855?format=json","purl":"pkg:pypi/flask@0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11856?format=json","purl":"pkg:pypi/flask@0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/11857?format=json","purl":"pkg:pypi/flask@0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/11858?format=json","purl":"pkg:pypi/flask@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11859?format=json","purl":"pkg:pypi/flask@0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/11860?format=json","purl":"pkg:pypi/flask@0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/11861?format=json","purl":"pkg:pypi/flask@0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11862?format=json","purl":"pkg:pypi/flask@0.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/11863?format=json","purl":"pkg:pypi/flask@0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/11864?format=json","purl":"pkg:pypi/flask@0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11865?format=json","purl":"pkg:pypi/flask@0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/11866?format=json","purl":"pkg:pypi/flask@0.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11867?format=json","purl":"pkg:pypi/flask@0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/11868?format=json","purl":"pkg:pypi/flask@0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/11869?format=json","purl":"pkg:pypi/flask@0.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11870?format=json","purl":"pkg:pypi/flask@0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/11871?format=json","purl":"pkg:pypi/flask@0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/11872?format=json","purl":"pkg:pypi/flask@0.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11873?format=json","purl":"pkg:pypi/flask@0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/11874?format=json","purl":"pkg:pypi/flask@0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11875?format=json","purl":"pkg:pypi/flask@0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/11876?format=json","purl":"pkg:pypi/flask@0.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11877?format=json","purl":"pkg:pypi/flask@0.12.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"},{"vulnerability":"VCID-wrh4-zmmb-7ua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.2"},{"url":"http://public2.vulnerablecode.io/api/packages/11878?format=json","purl":"pkg:pypi/flask@0.12.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.3"},{"url":"http://public2.vulnerablecode.io/api/packages/13726?format=json","purl":"pkg:pypi/flask@0.12.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/13727?format=json","purl":"pkg:pypi/flask@0.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"},{"vulnerability":"VCID-tjhw-9ss4-wqar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@0.12.5"},{"url":"http://public2.vulnerablecode.io/api/packages/13728?format=json","purl":"pkg:pypi/flask@1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/33503?format=json","purl":"pkg:pypi/flask@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/33504?format=json","purl":"pkg:pypi/flask@1.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/33505?format=json","purl":"pkg:pypi/flask@1.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/33506?format=json","purl":"pkg:pypi/flask@1.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/33507?format=json","purl":"pkg:pypi/flask@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/33508?format=json","purl":"pkg:pypi/flask@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/33509?format=json","purl":"pkg:pypi/flask@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/33510?format=json","purl":"pkg:pypi/flask@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/33511?format=json","purl":"pkg:pypi/flask@1.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@1.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/33512?format=json","purl":"pkg:pypi/flask@2.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.0rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/33513?format=json","purl":"pkg:pypi/flask@2.0.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.0rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/33514?format=json","purl":"pkg:pypi/flask@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/33515?format=json","purl":"pkg:pypi/flask@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/33516?format=json","purl":"pkg:pypi/flask@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/33517?format=json","purl":"pkg:pypi/flask@2.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/33518?format=json","purl":"pkg:pypi/flask@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/33519?format=json","purl":"pkg:pypi/flask@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/33520?format=json","purl":"pkg:pypi/flask@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/33521?format=json","purl":"pkg:pypi/flask@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/33522?format=json","purl":"pkg:pypi/flask@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/33523?format=json","purl":"pkg:pypi/flask@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/33524?format=json","purl":"pkg:pypi/flask@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/33525?format=json","purl":"pkg:pypi/flask@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/33526?format=json","purl":"pkg:pypi/flask@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/33527?format=json","purl":"pkg:pypi/flask@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/33528?format=json","purl":"pkg:pypi/flask@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nsmh-gqz9-tkat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask@2.3.1"}],"references":[{"reference_url":"https://github.com/pallets/flask","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pallets/flask"},{"reference_url":"https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b"},{"reference_url":"https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965"},{"reference_url":"https://github.com/pallets/flask/releases/tag/2.2.5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pallets/flask/releases/tag/2.2.5"},{"reference_url":"https://github.com/pallets/flask/releases/tag/2.3.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pallets/flask/releases/tag/2.3.2"},{"reference_url":"https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0006","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230818-0006"},{"reference_url":"https://www.debian.org/security/2023/dsa-5442","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2023/dsa-5442"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30861","reference_id":"CVE-2023-30861","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30861"},{"reference_url":"https://github.com/advisories/GHSA-m2qf-hxjv-5gpq","reference_id":"GHSA-m2qf-hxjv-5gpq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m2qf-hxjv-5gpq"}],"weaknesses":[{"cwe_id":539,"name":"Use of Persistent Cookies Containing Sensitive Information","description":"The web application uses persistent cookies, but the cookies contain sensitive information."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsmh-gqz9-tkat"}