Snyk
security.snyk.io › snyk vulnerability database › pip › flask
flask 1.0.1 vulnerabilities | Snyk
Learn more about known flask 1.0.1 vulnerabilities and licenses detected.
Medium
medium.com › swlh › hacking-flask-applications-939eae4bffed
Hacking Flask Applications. Executing arbitrary commands using the… | by Vickie Li | The Startup | Medium
February 18, 2020 - Starting with Werkzeug 0.11 the debug console is protected by a PIN by default. If an incorrect PIN is entered too many times the server needs to be restarted.
Vulmon
vulmon.com › home › search results
flask vulnerabilities and exploits
The Flask-Caching extension up to and including 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation.
Snyk
security.snyk.io › snyk vulnerability database › pip
flask | Snyk
Security vulnerabilities and package health score for pip package flask
Rapid7
rapid7.com › db › modules › exploit › multi › http › werkzeug_debug_rce
Pallets Projects Werkzeug Debugger Remote Code ...
This module will exploit the Werkzeug debug console to put down a Python shell. Werkzeug is included with Flask, but not enabled by default. It is also included in other projects, for example the RunServerPlus extension for Django.
CVE Details
cvedetails.com › cve › CVE-2019-1010083
CVE-2019-1010083 : The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. Th
August 24, 2020 - The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1.
Snyk
snyk.io › snyk vulnerability database › pip › flask
Flask 1.1.1 vulnerabilities | Snyk
Learn more about known Flask 1.1.1 vulnerabilities and licenses detected.
HackTricks
book.hacktricks.xyz › network-services-pentesting › pentesting-web › werkzeug
Werkzeug / Flask Debug - HackTricks
Upon collating all necessary data, the exploit script can be executed to generate the Werkzeug console PIN. The script uses the assembled probably_public_bits and private_bits to create a hash, which then undergoes further processing to produce the final PIN.
GitHub
github.com › lokori › flask-vuln
GitHub - lokori/flask-vuln: Pretty vulnerable flask app..
September 29, 2017 - If you run this for other people, somewhere, you should add --host=0.0.0.0 to flask command parameters to listen for all IP addresses.
Starred by 22 users
Forked by 12 users
Languages   HTML 63.2% | Python 32.2% | Shell 2.5% | Dockerfile 2.1%
CVE Details
cvedetails.com › version › 986424 › Flask-user-Project-Flask-user-1.0.1.1.html
Flask-user Project Flask-user 1.0.1.1 security vulnerabilities, CVEs
Flask-user Project Flask-user version 1.0.1.1 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references
Nvisium
blog.nvisium.com › injecting-flask
Injecting Flask
July 5, 2018 - The template engine provided within the Flask framework may allow developers to introduce Server-Side Template Injection vulnerabilities. If you're unfamiliar, check out the whitepaper (PDF) by James Kettle. Briefly, this vulnerability allows an attacker to inject language/syntax into templates.
GitHub
github.com › garethr › snyky
GitHub - garethr/snyky: A known vulnerable Flask app with an excessive amount of automated testing
Issues with no direct upgrade or patch:
✗ Improper Input Validation [High Severity][https://snyk.io/vuln/SNYK-PYTHON-FLASK-42185] in flask@0.12. This issue was fixed in versions: 0.12.3
✗ Denial of Service (DOS) [High Severity][https://snyk.io/vuln/SNYK-PYTHON-FLASK-451637] in flask@0.12. This issue was fixed in versions: 1.0
Organization: garethr | Package manager: pip | Target file: Pipfile | Open source: no | Project path: /workspace/source | Licenses: enabled
Starred by 13 users
Forked by 10 users
Languages   Open Policy Agent 43.2% | Python 25.6% | Makefile 13.0% | Dockerfile 10.3% | Smarty 7.9%
Netapp
security.netapp.com › advisory › ntap-20230818-0006
CVE-2023-30861 Flask Vulnerability in NetApp Products
NetApp is an industry leader in developing and implementing product security standards. Learn how we can help you maintain the confidentiality, integrity, and availability of your data.
Snyk
security.snyk.io › snyk vulnerability database › pip › flask-useful
flask-useful 0.1.dev1 vulnerabilities | Snyk
Learn more about known flask-useful 0.1.dev1 vulnerabilities and licenses detected.