Arbitrary File Download Affecting flask package, versions [,0.6.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-FLASK-40002
- published 14 Sep 2017
- disclosed 28 Aug 2017
- credit Unknown
Overview
Affected versions of flask
are vulnerable to Arbitrary File Download. A client can use backslashes to escape the directory the files where exposed from.
Note: Only if the host server is a windows based operating system.
References
CVSS Scores
version 3.1