Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.

1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets `session.permanent = True`.
3. The application does not access or modify the session at any point during a request.
4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).
5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-45725

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document.

An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function.

For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document.

Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers.

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.