Vulnerability	Vulnerable Version
L Use of Cache Containing Sensitive Information Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the `session` object. An attacker can cause sensitive user-specific responses to be cached and served to other users by leveraging a caching proxy that does not ignore responses with cookies, when the application does not set a `Cache-Control` header and accesses the session only for keys without mutating or accessing values. Note: This is only exploitable if the application is hosted behind a caching proxy that does not ignore responses with cookies, does not set a `Cache-Control` header to indicate that a page is private or should not be cached, and accesses the session in a way that does not access the values, only the keys, and does not mutate the session. How to fix Use of Cache Containing Sensitive Information? Upgrade `flask` to version 3.1.3 or higher.	[,3.1.3)

Use of Cache Containing Sensitive Information

Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the session object. An attacker can cause sensitive user-specific responses to be cached and served to other users by leveraging a caching proxy that does not ignore responses with cookies, when the application does not set a Cache-Control header and accesses the session only for keys without mutating or accessing values.

Note:

This is only exploitable if the application is hosted behind a caching proxy that does not ignore responses with cookies, does not set a Cache-Control header to indicate that a page is private or should not be cached, and accesses the session in a way that does not access the values, only the keys, and does not mutate the session.

How to fix Use of Cache Containing Sensitive Information?

Upgrade flask to version 3.1.3 or higher.

[,3.1.3)

Go back to all versions of this package