Flask · Flask · CVE-2026-27205
**Name of the Vulnerable Software and Affected Versions**
Flask versions 3.1.2 and below
**Description**
Flask, a Web Server Gateway Interface (WSGI) web application framework, may fail to set the 'Vary: Cookie' response header when the session object is accessed, which can lead to a Use of Cache Containing Sensitive Information issue. The problem arises only when all of the following hold: the application is hosted behind a caching proxy that does not ignore responses with cookies; the response carries no 'Cache-Control' header marking it private or non-cacheable; and the application accesses the session in a way that only touches keys, such as the Python 'in' operator, without reading values or mutating the session. Flask overlooked these forms of access when deciding whether to set the header.
**Recommendations**
Update to Flask version 3.1.3 or later.
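The following is an added illustration, not Flask's own code or its fix: a pure-WSGI middleware that appends `Cookie` to the `Vary` header whenever a request carries a cookie or a response sets one, so a shared cache keys such responses on the cookie. The `buggy_app` and `run` helpers are constructed stand-ins for an application that only tests membership in the session and emits no `Vary` header; the middleware is a stopgap for deployments that cannot upgrade immediately.

```python
# Added example (not Flask's own code or fix): a stopgap WSGI middleware that makes
# any response involving cookies declare "Vary: Cookie", so a shared cache keys the
# entry on the Cookie header instead of serving one user's page to another.

def add_cookie_to_vary(headers):
    """Return headers with 'Cookie' listed in Vary (case-insensitive, idempotent)."""
    out, seen = [], False
    for name, value in headers:
        if name.lower() == "vary":
            seen = True
            members = [m.strip() for m in value.split(",") if m.strip()]
            # 'Vary: *' already forbids reusing the cached response; leave it as is.
            if "*" not in members and not any(m.lower() == "cookie" for m in members):
                value = ", ".join(members + ["Cookie"])
        out.append((name, value))
    if not seen:
        out.append(("Vary", "Cookie"))
    return out


class VaryCookieMiddleware:
    """Patch Vary when the request carried a Cookie header or the response sets one."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        request_has_cookie = bool(environ.get("HTTP_COOKIE"))

        def patched_start_response(status, headers, exc_info=None):
            if request_has_cookie or any(n.lower() == "set-cookie" for n, _ in headers):
                headers = add_cookie_to_vary(headers)
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start_response)


def buggy_app(environ, start_response):
    """Constructed stand-in for the advisory's trigger: session only tested with 'in'."""
    session = {"user": "alice"} if "sid=" in environ.get("HTTP_COOKIE", "") else {}
    body = b"welcome back" if "user" in session else b"hello stranger"
    start_response("200 OK", [("Content-Type", "text/plain")])  # no Vary emitted
    return [body]


def run(app, cookie=""):
    """Drive a WSGI app with a constructed GET request; return (headers, body)."""
    captured = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "HTTP_COOKIE": cookie}
    body = b"".join(app(environ, lambda status, headers, exc_info=None: captured.extend(headers)))
    return captured, body
```

Responses to cookie-less requests are left untouched here; an application that wants every session-capable route keyed on the cookie can drop the `request_has_cookie` condition and patch unconditionally.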