An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.
"https://github.com/pypa/advisory-database/blob/main/vulns/tutor/PYSEC-2025-219.yaml"