Advisories for Pypi/Flask package

When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the application's use of the session, and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. …

Denial of Service due to unexpected memory usage in the Pallets Project Flask

Improper Input Validation vulnerability in Flask that can result in large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding.

This package is vulnerable to Arbitrary File Download. A client can use backslashes to escape the directory the files where exposed from. Note: Only if the host server is a windows-based operating system.