FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 692a5fd5-bb25-4df4-8a0e-eb91581f2531
Description: py-flask-caching -- remote code execution or local privilege escalation vulnerabilities

subnix reports:

The Flask-Caching extension through 2.0.2 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation.

If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.


Discovery: 2021-05-13
Entry: 2023-08-31

Affected packages (versions <= 2.0.2):
py37-flask-caching
py38-flask-caching
py39-flask-caching
py310-flask-caching
py311-flask-caching

CVE-2021-33026
https://osv.dev/vulnerability/PYSEC-2021-13
https://osv.dev/vulnerability/GHSA-656c-6cxf-hvcv