6.0.0
11 years ago
17 days ago
Known vulnerabilities in the flask-cors package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Flask-Cors is a Flask extension adding a decorator for CORS support. Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel due to improper application of regex path matching rules. An attacker can gain unauthorized cross-origin access to sensitive data or functionality by exploiting the prioritization of longer regex patterns over more specific ones, leading to less restrictive CORS policies being applied to sensitive endpoints. Note: An initial attempt to fix the vulnerability was included in 6.0.0, but it proved to be incomplete. PR 392 fully addresses the issue. How to fix Improper Verification of Source of a Communication Channel? There is no fixed version for | [0,) |