vulnerability
FreeBSD: VID-692a5fd5-bb25-4df4-8a0e-eb91581f2531 (CVE-2021-33026): py-flask-caching -- remote code execution or local privilege escalation vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 31, 2023 | Sep 1, 2023 | Mar 25, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 31, 2023
Added
Sep 1, 2023
Modified
Mar 25, 2026
Description
subnix reports: The Flask-Caching extension through 2.0.2 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.
Solutions
freebsd-upgrade-package-py37-flask-cachingfreebsd-upgrade-package-py38-flask-cachingfreebsd-upgrade-package-py39-flask-cachingfreebsd-upgrade-package-py310-flask-cachingfreebsd-upgrade-package-py311-flask-caching
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.