Homepage

flask-cors@0.0.0.dev3 vulnerabilities

A Flask extension simplifying CORS support

  • latest version

    5.0.1

  • latest non vulnerable version

    5.0.1

  • first published

    11 years ago

  • latest version published

    8 hours ago

  • licenses detected

  • View flask-cors package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the flask-cors package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Log Injection

    Flask-Cors is an A Flask extension adding a decorator for CORS support

    Affected versions of this package are vulnerable to Log Injection when the log level is set to debug. A user can inject or modify messages by abusing CRLF sequences in the request path of a GET request.

    How to fix Log Injection?

    Upgrade Flask-Cors to version 4.0.1 or higher.

    [,4.0.1)
    • H
    Directory Traversal

    Flask-Cors is an A Flask extension adding a decorator for CORS support

    Affected versions of this package are vulnerable to Directory Traversal. An attacker could potentially access private resources because resource matching does not ensure that pathnames are in a canonical format.

    How to fix Directory Traversal?

    Upgrade Flask-Cors to version 3.0.9 or higher.

    [,3.0.9)
    Go back to all versions of this package