vulnerability
FreeBSD: VID-692a5fd5-bb25-4df4-8a0e-eb91581f2531 (CVE-2021-33026): py-flask-caching -- remote code execution or local privilege escalation vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 31, 2023 | Sep 1, 2023 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 31, 2023
Added
Sep 1, 2023
Modified
Dec 10, 2025
Description
subnix reports: The Flask-Caching extension through 2.0.2 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.
Solutions
freebsd-upgrade-package-py37-flask-cachingfreebsd-upgrade-package-py38-flask-cachingfreebsd-upgrade-package-py39-flask-cachingfreebsd-upgrade-package-py310-flask-cachingfreebsd-upgrade-package-py311-flask-caching
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.