CVE-2020-25032: Insecure Default Initialization of Resource
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask). It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
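The matching flaw described above, as an added example that is not Flask-CORS code: a simplified model of per-resource policy lookup, first on the path as received and then on a canonicalized path. The `RESOURCES` table, the function names and the sample paths are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed policy table (hypothetical): path regex -> cross-origin allowed?
RESOURCES = [
    (re.compile(r"^/api/public/.*"), True),    # CORS headers are sent
    (re.compile(r"^/api/private/.*"), False),  # no CORS headers
]


def match_raw(path):
    """Flawed lookup: the first pattern matching the path as received wins."""
    for pattern, allowed in RESOURCES:
        if pattern.match(path):
            return allowed
    return False  # default deny for unlisted paths


def canonicalize(path):
    """Percent-decode once, then collapse '.', '..' and repeated slashes."""
    decoded = unquote(path)
    canon = "/" + posixpath.normpath(decoded).lstrip("/")
    # normpath drops a trailing slash; keep it so directory patterns still match
    if decoded.endswith("/") and canon != "/":
        canon += "/"
    return canon


def match_canonical(path):
    """Hardened lookup: decide the policy on the canonical form of the path."""
    return match_raw(canonicalize(path))


if __name__ == "__main__":
    # Constructed sample request paths
    for p in ("/api/public/status",
              "/api/public/../private/keys",
              "/api/public/%2e%2e/private/keys"):
        print(f"{p!r}: raw={match_raw(p)} canonical={match_canonical(p)}")
```

The raw lookup applies the public policy to a path that resolves under `/api/private/`, while the canonical lookup applies the private one; a regression test for the upgrade can assert exactly that difference.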