exploitDog

CVE-2020-25032

Published: 31 Aug 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

A flaw was found in Flask-CORS (aka CORS Middleware for Flask). This issue allows the ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. The highest threat from this vulnerability is to confidentiality.

Report

Red Hat Quay includes Flask-CORS but does not use the vulnerable resource matching functionality. Therefore this issue is rated as low impact for Red Hat Quay.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Quay 3 | python-flask-cors | Affected | | |

Additional information

Status: Moderate
Defect: CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1876698 (python-flask-cors: allows ../ directory traversal to access private resources)

EPSS: 0.01251 (Low), percentile: 79%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

CVSS3: 7.5
nvd
more than 5 years ago

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

CVSS3: 7.5
debian
more than 5 years ago

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) ...

suse-cvrf
more than 5 years ago

Security update for python-Flask-Cors

CVSS3: 7.5
github
almost 5 years ago

Flask-Cors Directory Traversal vulnerability
