Identifier

CVE-2020-25032

Package Slug

pypi/flask-cors

Vulnerability

Insecure Default Initialization of Resource

Description

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask). It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
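The weakness class described above, as an added example that is not Flask-CORS's own code: a simplified model of regex-based CORS resource matching, run once on the raw path and once on a canonicalized path. The policy, the sample paths and the function names are constructed for illustration and assume the pattern is meant to cover only `/api/public/`.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed policy: only the public API is meant to receive CORS headers.
CORS_RESOURCES = [r"/api/public/.*"]


def matches_raw(path, patterns=CORS_RESOURCES):
    """Match the path exactly as received, with no canonicalization."""
    return any(re.match(p, path) for p in patterns)


def canonicalize(path):
    """Percent-decode once, then collapse '.', '..' and repeated slashes."""
    decoded = unquote(path)
    normalized = posixpath.normpath("/" + decoded.lstrip("/"))
    # normpath drops a trailing slash; restore it so directory-style
    # patterns keep matching the same resources as before.
    if decoded.endswith("/") and normalized != "/":
        normalized += "/"
    return normalized


def matches_canonical(path, patterns=CORS_RESOURCES):
    """Match only after the path has been reduced to canonical form."""
    canonical = canonicalize(path)
    return any(re.fullmatch(p, canonical) for p in patterns)


if __name__ == "__main__":
    # Constructed request paths.
    samples = [
        "/api/public/items",
        "/api/public/./items",
        "/api/public/../private/data",
        "/api/public/%2e%2e/private/data",
    ]
    for path in samples:
        print(f"{path!r:40} raw={matches_raw(path)!s:5} "
              f"canonical={matches_canonical(path)!s:5} -> {canonicalize(path)}")
```

Running the same comparison against an application's real route patterns is a quick way to confirm, after upgrading, that the CORS policy applies to the resource a path resolves to rather than to its literal spelling.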

Affected Versions

All versions before 3.0.9

Solution

Upgrade to version 3.0.9 or above.

Last Modified

2020-09-06
