openSUSE-SU-2020:1393-1

Опубликовано: 09 сент. 2020

Источник: suse-cvrf

Описание

Security update for python-Flask-Cors

This update for python-Flask-Cors fixes the following issues:

CVE-2020-25032: fix a relative directory traversal vulnerability (bsc#1175986).

Список пакетов

openSUSE Leap 15.1

python2-Flask-Cors-3.0.8-lp152.2.3.1

python3-Flask-Cors-3.0.8-lp152.2.3.1

openSUSE Leap 15.2

python2-Flask-Cors-3.0.8-lp152.2.3.1

python3-Flask-Cors-3.0.8-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VHRJRGEEXMCNGXZCLYPCLF76DURA52MJ/
E-Mail link for openSUSE-SU-2020:1393-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1175986
SUSE Bug 1175986
https://www.suse.com/security/cve/CVE-2020-25032/
SUSE CVE CVE-2020-25032 page

Описание

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

Затронутые продукты

openSUSE Leap 15.1:python2-Flask-Cors-3.0.8-lp152.2.3.1

openSUSE Leap 15.1:python3-Flask-Cors-3.0.8-lp152.2.3.1

openSUSE Leap 15.2:python2-Flask-Cors-3.0.8-lp152.2.3.1

openSUSE Leap 15.2:python3-Flask-Cors-3.0.8-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-25032.html
CVE-2020-25032
https://bugzilla.suse.com/1175986
SUSE Bug 1175986

openSUSE-SU-2020:1393-1

Описание

Список пакетов

openSUSE Leap 15.1

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-25032

Описание

Затронутые продукты

Ссылки