Vulmon
vulmon.com › home › search results
flask vulnerabilities and exploits
Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back t... Dpgaspar Flask-appbuilder Flask-appbuilder Project Flask-appbuilder ... The Flask-Caching extension up to and including 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation.
Snyk
snyk.io › snyk vulnerability database › pip
flask | Snyk
June 30, 2021 - Security vulnerabilities and package health score for pip package flask
CVE Details
cvedetails.com › product › 57169 › Palletsprojects-Flask.html
Palletsprojects Flask security vulnerabilities, CVEs, versions and CVE reports
This page lists vulnerability statistics for all versions of Palletsprojects » Flask. Vulnerability statistics provide a quick overview for security vulnerabilities of Flask.
Snyk
security.snyk.io › snyk vulnerability database › pip › flask
flask 2.1.1 vulnerabilities | Snyk
Learn more about known flask 2.1.1 vulnerabilities and licenses detected.
Snyk
security.snyk.io › snyk vulnerability database › pip › flask
flask 2.1.2 vulnerabilities | Snyk
Learn more about known flask 2.1.2 vulnerabilities and licenses detected.
GitHub
github.com › lokori › flask-vuln
GitHub - lokori/flask-vuln: Pretty vulnerable flask app..
September 29, 2017 - Flask is a single-threaded development server. Which means it hangs and sucks in a workshop setting. As a remedy, do something like this: Setup Ubuntu server on EC2, proper firewalls etc. ... This runs it through Gunicorn which is a better implementation for multi-threaded web server. People should try to solve and figure out this manually. Running OWASP ZAP will immediately reveal most of the vulnerabilities on this application (as you can expect, given that this is intentionally a soft target for practice) taking all the learning out of the experience.
Starred by 22 users
Forked by 12 users
Languages HTML 63.2% | Python 32.2% | Shell 2.5% | Dockerfile 2.1%
Snyk
security.snyk.io › snyk vulnerability database › pip › flask-appbuilder
Flask-AppBuilder 2.1.2 vulnerabilities | Snyk
Learn more about known Flask-AppBuilder 2.1.2 vulnerabilities and licenses detected.
Cybersecurity Help
cybersecurity-help.cz › vdb › SB2021062302
Improper input validation in Python Flask module in BIG-IQ Centralized Management and F5OS
June 23, 2021 - This security bulletin contains information about 2 vulnerabilities.
Snyk
security.snyk.io › snyk vulnerability database › pip › flask
flask 0.12.2 vulnerabilities | Snyk
Learn more about known flask 0.12.2 vulnerabilities and licenses detected.
CVE Details
cvedetails.com › vulnerability-list › vendor_id-24664 › product_id-95501 › Flask-security-Project-Flask-security.html
Flask-security Project Flask-security : Security vulnerabilities, CVEs
May 17, 2021 - This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'.
Netapp
security.netapp.com › advisory › ntap-20230818-0006
CVE-2023-30861 Flask Vulnerability in NetApp Products
NetApp is an industry leader in developing and implementing product security standards. Learn how we can help you maintain the confidentiality, integrity, and availability of your data.
Cisco Bug Search Tool
bst.cisco.com › quickview › bug › CSCwj47312
Cisco Bug: CSCwj47312 - Vulnerabilities in flask 0.12.2
HackTricks
book.hacktricks.xyz › network-services-pentesting › pentesting-web › werkzeug
Werkzeug / Flask Debug - HackTricks
The PIN generation mechanism can ... file traversal vulnerability due to potential version discrepancies. To exploit the console PIN, two sets of variables, probably_public_bits and private_bits, are needed: username: Refers to the user who initiated the Flask sessio...
IBM
ibm.com › support › pages › security-bulletin-vulnerability-flask-and-python-affects-ibm-spectrum-protect-plus-microsoft-file-systems-backup-and-restore-cve-2021-33026-cve-2022-0391
Security Bulletin: Vulnerability in Flask and Python affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33026, CVE-2022-0391)
March 11, 2022 - CVEID: CVE-2021-33026 DESCRIPTION: Flask-Caching extension for Flask could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unsafe deserialization flaw in Pickle. By sending a specially-crafted payload, an authenticated attacker could exploit this ...
CVE Details
cvedetails.com › version › 986430 › Flask-user-Project-Flask-user-1.0.2.1.html
Flask-user Project Flask-user 1.0.2.1 security vulnerabilities, CVEs
Flask-user Project Flask-user version 1.0.2.1 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references