Safety CI > geokrety/geokrety-jsonapi-client-proto

pyup-update-flask-1.0.2-to-3.1.2

3 months, 2 weeks ago

2465b4ea

Update flask from 1.0.2 to 3.1.2

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-3.1.1

6 months, 3 weeks ago

349796ea

Update flask from 1.0.2 to 3.1.1

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-3.1.0

1 year ago

20eed4ee

Update flask from 1.0.2 to 3.1.0

No dependencies with known security vulnerabilities.

pyup-update-jsonapi-requests-0.6.0-to-0.8.0

1 year, 4 months ago

566af899

Update jsonapi-requests from 0.6.0 to 0.8.0

Flask 1.0.2 has known security vulnerabilities.

Package	Installed	Affected	Info
Flask	1.0.2	<2.2.5 , >=2.3.0,<2.3.2	show Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met: 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets 'session.permanent = True' 3. The application does not access or modify the session at any point during a request. 4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default). 5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

Package

Installed

Affected

Info

Flask

1.0.2

<2.2.5 , >=2.3.0,<2.3.2

show

Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met:
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets 'session.permanent = True'
3. The application does not access or modify the session at any point during a request.
4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).
5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq

pyup-update-flask-1.0.2-to-3.0.3

1 year, 8 months ago

cb862059

Update flask from 1.0.2 to 3.0.3

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-3.0.2

1 year, 10 months ago

426c8e1b

Update flask from 1.0.2 to 3.0.2

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-3.0.1

1 year, 10 months ago

7adc97fc

Update flask from 1.0.2 to 3.0.1

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-3.0.0

2 years, 2 months ago

48d7c4ba

Update flask from 1.0.2 to 3.0.0

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-2.3.3

2 years, 3 months ago

2e273a62

Update flask from 1.0.2 to 2.3.3

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-2.3.2

2 years, 7 months ago

7c564cbf

Update flask from 1.0.2 to 2.3.2

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-2.3.1

2 years, 7 months ago

168d3f7a

Update flask from 1.0.2 to 2.3.1

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-2.3.0

2 years, 7 months ago

36a6f6bb

Update flask from 1.0.2 to 2.3.0

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-2.2.4

2 years, 7 months ago

c155b06a

Update flask from 1.0.2 to 2.2.4

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-2.2.3

2 years, 9 months ago

8a311753

Update flask from 1.0.2 to 2.2.3

No dependencies with known security vulnerabilities.

pyup-update-flask-1.0.2-to-2.2.2

3 years, 3 months ago

e0c7b7c0

Update flask from 1.0.2 to 2.2.2

No dependencies with known security vulnerabilities.