Debian Security Advisory
DSA-5442-1 flask -- security update
- Date Reported:
- 29 Jun 2023
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2023-30861.
- More information:
It was discovered that in some conditions the Flask web framework may disclose a session cookie.
For the oldstable distribution (bullseye), this problem has been fixed in version 1.1.2-2+deb11u1.
We recommend that you upgrade your flask packages.
For the detailed security status of flask please refer to its security tracker page at: https://security-tracker.debian.org/tracker/flask