flask-cors@2.0.0rc1 vulnerabilities

A Flask extension adding a decorator for CORS support

Direct Vulnerabilities

Known vulnerabilities in the flask-cors package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • L
Log Injection

Flask-Cors is a Flask extension adding a decorator for CORS support.

Affected versions of this package are vulnerable to Log Injection when the log level is set to debug. A user can inject or modify messages by abusing CRLF sequences in the request path of a GET request.

How to fix Log Injection?

Upgrade Flask-Cors to version 4.0.1 or higher.

Vulnerable versions: [,4.0.1)
  • H
Directory Traversal

Flask-Cors is a Flask extension adding a decorator for CORS support.

Affected versions of this package are vulnerable to Directory Traversal. An attacker could potentially access private resources because resource matching does not ensure that pathnames are in a canonical format.

How to fix Directory Traversal?

Upgrade Flask-Cors to version 3.0.9 or higher.

Vulnerable versions: [,3.0.9)
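
Where debug logging has to stay on until the upgrade to 4.0.1 is deployed, the Log Injection entry above can be contained at the logging layer by escaping line-breaking characters before a record is written. The following is an added example, not Flask-Cors code and not the project's fix; it assumes `flask_cors` is the package's logger namespace, and the `flask_cors.demo` logger name, the message text and the sample path are constructed.

```python
import io
import logging
import re

# C0 controls, DEL, NEL and the Unicode line/paragraph separators.
_CONTROL = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")


class ControlCharEscapeFilter(logging.Filter):
    """Escape line-breaking characters so one event is always one log line."""

    def filter(self, record):
        rendered = record.getMessage()  # apply %-args first, then sanitise
        record.msg = _CONTROL.sub(
            lambda m: m.group().encode("unicode_escape").decode("ascii"), rendered
        )
        record.args = None  # message is already rendered
        return True


def emit_debug(path, hardened):
    """Log one debug line about `path` and return the lines actually written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    if hardened:
        # Attach to the handler: a filter on the "flask_cors" logger itself
        # would not see records created by its child loggers.
        handler.addFilter(ControlCharEscapeFilter())
    parent = logging.getLogger("flask_cors")  # assumed logger namespace
    saved_level, saved_propagate = parent.level, parent.propagate
    parent.setLevel(logging.DEBUG)
    parent.propagate = False
    parent.addHandler(handler)
    try:
        # Constructed message text and child logger name, for illustration only.
        logging.getLogger("flask_cors.demo").debug(
            "request path '%s' checked against CORS resources", path
        )
    finally:
        parent.removeHandler(handler)
        parent.setLevel(saved_level)
        parent.propagate = saved_propagate
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    sample = "/api/items\r\nINFO:flask_cors.demo:constructed second entry"
    print(emit_debug(sample, hardened=False))  # two lines reach the log
    print(emit_debug(sample, hardened=True))   # one line, CRLF shown as \r\n
```

Log viewers that interpret other escape sequences need their own output encoding; this filter only guarantees that one logged event occupies one line.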