CVE-2021-33026
Published 2021-05-13
Priority: P2 63 · CVSS 3.1: 9.8 critical · vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.29% (93.6th percentile)
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. NOTE: a third party indicates that exploitation is extremely unlikely unless the machine is already compromised; in other cases, the attacker would be unable to write their payload to the cache and generate the required collision.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | flask-caching | — | — |
| flask-caching_project | flask-caching | <= 1.10.1 | — |
| flask-caching_project | flask-caching | 0 – 1.10.1 | — |
Detection & IOCs (extracted from sources)
- command: `UPDATE my_cache_table SET value = 'gASVHgAAAAAAAACMAm9zlIwGc3lzdGVtlJOUjAZ3aG9hbWmUhZRSlC4=' where rowid=2;`
- Monitor cache storage backends (filesystem, Memcached, Redis, database) for unexpected writes or modifications to cached values, particularly binary/base64-encoded blobs that may represent crafted Pickle payloads.
- Detect Pickle deserialization abuse by alerting on unexpected process spawning (e.g., shell commands like 'whoami') originating from the web application server process, which may indicate a poisoned cache entry being deserialized.
- Inspect database cache tables (e.g., Django's DatabaseCache backend) for rows where the 'value' column contains base64-encoded data beginning with 'gASV' — the Pickle protocol 5 opcode header — as this is characteristic of crafted RCE payloads.
- Alert on direct or indirect calls to pickle.load() within Flask-Caching (through 1.10.1) or Django cache backends (Locmem, Filebased, Database, Redis) when processing data from external/shared cache stores.
- Exploitation requires the attacker to already have write access to the cache storage backend; exploitation is considered extremely unlikely unless the machine is already compromised or the attacker can write to the cache and generate the required key collision.
- The Flask-Caching vulnerability affects versions through 1.10.1; all Debian tracked releases (bookworm, bullseye, forky, sid, trixie) remain open/unpatched as of the source data.
- The Django database cache PoC uses sqlite3 on the same machine for simplicity, but the real-world risk is highest when the cache (database or Redis) runs on a separate machine/container from the Django application server.
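As an added example (not code from the page's sources, Flask-Caching or Django), the detection hints above implemented as a defensive scan of a database cache table: each row's base64 'value' is decoded, checked for the pickle PROTO header that 'gASV' encodes, and walked with pickletools to flag opcodes that reference or call code, without ever unpickling it; a restricted unpickler that refuses every global lookup shows the mitigation side. The table name `my_cache_table` and `value` column follow the IOC command above; the rows are constructed, and the flagged one only references `os.getcwd` (nothing is called), which is enough to carry the same STACK_GLOBAL opcode a real payload needs.

```python
import base64
import io
import os
import pickle
import pickletools
import sqlite3

# Opcodes a plain cached value (str/int/dict/list) never needs; each lets a stream import or call code on load.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}

def suspicious_opcodes(blob):
    """Walk the opcode stream statically (nothing is executed) and return any code-referencing opcodes."""
    try:
        return {op.name for op, _arg, _pos in pickletools.genops(blob)} & CODE_OPCODES
    except Exception:
        return {"MALFORMED"}  # a truncated or corrupt stream in a cache row is itself worth a look

class RestrictedUnpickler(pickle.Unpickler):
    # Mitigation side: cache data must be plain values, so every global lookup is refused.
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing global {module}.{name} from cache data")

def rejects_on_load(blob):
    try:
        RestrictedUnpickler(io.BytesIO(blob)).load()
        return False  # loaded as plain data
    except pickle.UnpicklingError:
        return True

def scan_cache_table(conn):
    findings = []  # (rowid, opcodes) for rows whose base64 'value' is a pickle carrying code opcodes
    for rowid, value in conn.execute("SELECT rowid, value FROM my_cache_table"):
        try:
            raw = base64.b64decode(value, validate=True)
        except (ValueError, TypeError):
            continue  # not base64 at all: outside this rule
        # PROTO opcode 0x80: the IOC prefix 'gASV' base64-decodes to b'\x80\x04\x95'
        if raw.startswith(b"\x80") and (ops := suspicious_opcodes(raw)):
            findings.append((rowid, ops))
    return findings

def build_sample_db():
    """Constructed sample: two benign rows and one blob that only references os.getcwd (no call encoded, harmless)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE my_cache_table (cache_key TEXT, value TEXT)")
    rows = [("user:1", pickle.dumps({"name": "alice", "roles": ["viewer"]})),
            ("banner", b"plain text, not a pickle"),
            ("poisoned", pickle.dumps(os.getcwd))]  # same STACK_GLOBAL shape an RCE payload needs
    conn.executemany("INSERT INTO my_cache_table VALUES (?, ?)", [(k, base64.b64encode(v).decode()) for k, v in rows])
    return conn
```

Run `scan_cache_table(build_sample_db())` to see only the third row flagged with `{'STACK_GLOBAL'}`; pointing the same function at a real DatabaseCache table needs only the table name changed.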
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | LOW | — |
OSV
Deserialization of Untrusted Data in Flask-Caching (osv · 2021-06-18 · MEDIUM)
Flask-Cache adds easy cache support to Flask. The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.
However, this is not a high-severity issue, as for an attack like this to work, an attacker must:
1. Be able to write arbitrary values to the cache
2. Be able to generate a cache key that will collide with a value being read by the application
3. Cause the application to read a maliciously-injected value
Any situation where all 3 of those is true is a situation where
GHSA
Deserialization of Untrusted Data in Flask-Caching (ghsa · 2021-06-18 · MEDIUM · CWE-269)
Advisory text identical to the OSV entry above.
OSV
CVE-2021-33026 (osv · 2021-05-13 · CVSS 9.8 · CRITICAL), marked ** DISPUTED ** in this record
Description otherwise identical to the NVD summary at the top of the page.
OSV
CVE-2021-33026 (osv · 2021-05-13 · CVSS 9.8 · CRITICAL)
Description identical to the NVD summary at the top of the page.
Debian
CVE-2021-33026: flask-caching (vendor_debian · 2021 · CVSS 9.8 · CRITICAL)
Description identical to the NVD summary at the top of the page.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.