Software Detail
Flask
Number of NVD: 3 (CRITICAL 0, HIGH 3, MEDIUM 0, LOW 0)
URL: https://palletsprojects.com/p/flask/
Explanation: It is a lightweight web application framework for Python.
It calls itself a micro-framework and does not have features such as database abstraction or data validation. However, extensions are available to supply these features.
For development purposes, there are several template engines such as "Jinja [https://palletsprojects.com/p/jinja/]" and "Werkzeug [https://werkzeug.palletsprojects.com/en/1.0.x/]".
Tag
  • Python

Add Information URL
No Type Name URL
1 https://pypi.org/project/Flask/
2 https://github.com/pallets/flask

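List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Flask 2.3 | 2.3.3 | Aug. 22, 2023 | April 26, 2023 | | | | | 0 | 1 | 0 | 0 |
| 2 | Flask 2.2 | 2.2.5 | May 2, 2023 | Aug. 2, 2022 | | | | | 0 | 1 | 0 | 0 |
| 3 | Flask 2.1 | 2.1.3 | July 14, 2022 | March 29, 2022 | | | | | 0 | 1 | 0 | 0 |
| 4 | Flask 2.0 | 2.0.3 | Nov. 17, 2021 | May 11, 2021 | | | | | 0 | 1 | 0 | 0 |
| 5 | Flask 1.1 | 1.1.x | May 13, 2021 | July 4, 2019 | | | | | 0 | 1 | 0 | 0 |
| 6 | Flask 1.0 | 1.0.4 | July 4, 2019 | April 26, 2018 | | | | | 0 | 1 | 0 | 0 |
| 7 | Flask 0.9 | 0.9 | | | | | | | 0 | 3 | 0 | 0 |
| 8 | Flask 0.8 | 0.8.1 | | | | | | | 0 | 3 | 0 | 0 |
| 9 | Flask 0.7 | 0.7.2 | | | | | | | 0 | 3 | 0 | 0 |
| 10 | Flask 0.6 | 0.6.1 | | | | | | | 0 | 3 | 0 | 0 |
| 11 | Flask 0.5 | 0.5.2 | | | | | | | 0 | 3 | 0 | 0 |
| 12 | Flask 0.4 | 0.4 | | | | | | | 0 | 3 | 0 | 0 |
| 13 | Flask 0.3 | 0.3.1 | | | | | | | 0 | 3 | 0 | 0 |
| 14 | Flask 0.2 | 0.2 | | | | | | | 0 | 3 | 0 | 0 |
| 15 | Flask 0.12 | 0.12.5 | Feb. 10, 2020 | | | | | | 0 | 3 | 0 | 0 |
| 16 | Flask 0.11 | 0.11.1 | | | | | | | 0 | 3 | 0 | 0 |
| 17 | Flask 0.10 | 0.10.1 | | | | | | | 0 | 3 | 0 | 0 |
| 18 | Flask 0.1 | 0.8.1 | July 1, 2012 | | | | | | 0 | 3 | 0 | 0 |
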
NVD Vulnerability Information

No 1
CVSS3: 7.5
CVSS2: -
Level: HIGH
Attack Vector: Network
Title: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the prox…
CWE: CWE-539 Use of Persistent Cookies Containing Sensitive Information
CVE: CVE-2023-30861
cpe23Uri: cpe:2.3:a:palletsprojects:flask:*:*
or higher: 2.3.0
less than: 2.2.5, 2.3.2
Update date: 2023-08-21 06:15
Published date: 2023-05-3

No 2
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this ma…
CWE: NVD-CWE-noinfo
CVE: CVE-2019-1010083
cpe23Uri: cpe:2.3:a:palletsprojects:flask:*:*
less than: 1.0
Update date: 2020-08-25 02:37
Published date: 2019-07-17

No 3
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of servi…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2018-1000656
cpe23Uri: cpe:2.3:a:palletsprojects:flask:*:*
less than: 0.12.3
Update date: 2020-06-10 07:15
Published date: 2018-08-21