Filtered by vendor Flask-cors Project Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-25032 3 Debian, Flask-cors Project, Opensuse 4 Debian Linux, Flask-cors, Backports Sle and 1 more 2024-11-21 7.5 High
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.