Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-25032

Опубликовано: 31 авг. 2020
Источник: debian
EPSS Низкий

Описание

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-flask-corsfixed3.0.9-1package

Примечания

  • https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895

EPSS

Процентиль: 79%
0.01251
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-25032

CVSS3: 7.5
ubuntu
больше 5 лет назад

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

redhat логотип

CVE-2020-25032

CVSS3: 7.5
redhat
больше 5 лет назад

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

nvd логотип

CVE-2020-25032

CVSS3: 7.5
nvd
больше 5 лет назад

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

suse-cvrf логотип

openSUSE-SU-2020:1393-1

suse-cvrf
больше 5 лет назад

Security update for python-Flask-Cors

github логотип

GHSA-xc3p-ff3m-f46v

CVSS3: 7.5
github
почти 5 лет назад

Flask-Cors Directory Traversal vulnerability

EPSS

Процентиль: 79%
0.01251
Низкий