FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-Flask-Cors -- directory traversal vulnerability

Affected packages
py310-Flask-Cors < 3.0.9
py311-Flask-Cors < 3.0.9
py37-Flask-Cors < 3.0.9
py38-Flask-Cors < 3.0.9
py39-Flask-Cors < 3.0.9

Details

VuXML ID 252f40cb-618c-47f4-a2cf-1abf30cffbbe
Discovery 2020-08-31
Entry 2023-08-31

praetorian-colby-morgan reports:

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9.

It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

[source]

References

CVE Name CVE-2020-25032
URL https://osv.dev/vulnerability/GHSA-xc3p-ff3m-f46v
URL https://osv.dev/vulnerability/PYSEC-2020-43

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.