Safety CI > fptiangco/rest-v2-python

pyup-update-pytest-cov-5.0.0-to-7.1.0

1 week, 3 days ago

5fa3cbb9

Update pytest-cov from 5.0.0 to 7.1.0

Flask 3.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
Flask	3.0.3	<3.1.3	show Affected versions of the Flask package are vulnerable to Information Disclosure due to missing cache-variation headers when the session object is accessed via certain code paths. In Flask’s session handling, accessing flask.session is intended to set a Vary: Cookie response header, but session key-only access patterns (such as using the Python in operator to test for a key without reading or mutating session values) can bypass the logic that adds the header.

Package

Installed

Affected

Info

Flask

3.0.3

<3.1.3

show

Affected versions of the Flask package are vulnerable to Information Disclosure due to missing cache-variation headers when the session object is accessed via certain code paths. In Flask’s session handling, accessing flask.session is intended to set a Vary: Cookie response header, but session key-only access patterns (such as using the Python in operator to test for a key without reading or mutating session values) can bypass the logic that adds the header.

pyup-update-coverage-7.6.1-to-7.13.5

2 weeks ago

390c1e94

Update coverage from 7.6.1 to 7.13.5

Flask 3.0.3 has known security vulnerabilities.

Package	Installed	Affected	Info
Flask	3.0.3	<3.1.3	show Affected versions of the Flask package are vulnerable to Information Disclosure due to missing cache-variation headers when the session object is accessed via certain code paths. In Flask’s session handling, accessing flask.session is intended to set a Vary: Cookie response header, but session key-only access patterns (such as using the Python in operator to test for a key without reading or mutating session values) can bypass the logic that adds the header.

Package

Installed

Affected

Info

Flask

3.0.3

<3.1.3

show

Affected versions of the Flask package are vulnerable to Information Disclosure due to missing cache-variation headers when the session object is accessed via certain code paths. In Flask’s session handling, accessing flask.session is intended to set a Vary: Cookie response header, but session key-only access patterns (such as using the Python in operator to test for a key without reading or mutating session values) can bypass the logic that adds the header.

pyup-update-flask-3.0.3-to-3.1.3

1 month, 1 week ago

8107f1f2

Update flask from 3.0.3 to 3.1.3