Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-25032

Опубликовано: 31 авг. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

РелизСтатусПримечание
bionic

DNE

devel

not-affected

3.0.9-2
esm-apps/focal

released

3.0.8-2ubuntu0.1
esm-apps/jammy

not-affected

3.0.9-2
esm-infra-legacy/trusty

DNE

focal

released

3.0.8-2ubuntu0.1
groovy

ignored

end of life
hirsute

not-affected

3.0.9-2
impish

not-affected

3.0.9-2
jammy

not-affected

3.0.9-2

Показывать по

Ссылки на источники

EPSS

Процентиль: 67%
0.00539
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-25032

CVSS3: 7.5
redhat
больше 5 лет назад

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

nvd логотип

CVE-2020-25032

CVSS3: 7.5
nvd
больше 5 лет назад

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

debian логотип

CVE-2020-25032

CVSS3: 7.5
debian
больше 5 лет назад

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) ...

suse-cvrf логотип

openSUSE-SU-2020:1393-1

suse-cvrf
больше 5 лет назад

Security update for python-Flask-Cors

github логотип

GHSA-xc3p-ff3m-f46v

CVSS3: 7.5
github
почти 5 лет назад

Flask-Cors Directory Traversal vulnerability

EPSS

Процентиль: 67%
0.00539
Низкий

5 Medium

CVSS2

7.5 High

CVSS3