CVE-2020-25032

Published August 31st, 2020

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

corydolphin/flask-cors

Cross Origin Resource Sharing ( CORS ) support for Flask

GitHub

933