4 matches found
Flask-CORS security vulnerability
Flask-CORS is a cross-origin resource sharing component for Flask by the individual developer Cory Dolphin. A security vulnerability exists in Flask-CORS version 4.01, which stems from case-insensitive request path matching that could lead to unauthorized cross-domain access...
UBUNTU-CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
Flask-CORS security vulnerability
Flask-CORS is a cross-origin resource sharing component for Flask. A security vulnerability exists in Flask-CORS: it is susceptible to a log injection attack when the log level is set to debug, which an attacker can exploit by sending a specially crafted GET request that contain...
PYSEC-2020-43
An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...