Search CVE reports
1 – 3 of 3 results
CVE-2024-6221
Medium priority
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network...
1 affected package
python-flask-cors
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-flask-cors | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-1681
Medium priority
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in...
1 affected package
python-flask-cors
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-flask-cors | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2020-25032
Medium priority
Some fixes available 1 of 2
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
1 affected package
python-flask-cors
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-flask-cors | — | Not affected | Fixed | Not in release | Not in release |