CVE-2020-25032

2020-09-08T02:21:05
ID RH:CVE-2020-25032
Type redhatcve
Reporter redhat.com
Modified 2021-09-29T03:02:47

Description

A flaw was found in Flask-CORS (aka CORS Middleware for Flask). This issue allows the ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. The highest threat from this vulnerability is to confidentiality.