Sanic-Cors

Releases38

Frequency1 month 3 weeks

Last Release over 3 years ago

A Sanic extension adding a decorator for CORS support. Based on flask-cors by Cory Dolphin.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-37737 ↗	Jun 5, 2026Friday, 5 June 2026, 15:16	6.5 MEDIUM	—
sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain unauthorized access to cross-origin requests for authenticated resources.