Search CVE reports
11 – 13 of 13 results
CVE-2020-25032
Medium prioritySome fixes available 1 of 2
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
1 affected package
python-flask-cors
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-flask-cors | — | Not affected | Fixed | Not in release | Not in release |
CVE-2019-1010083
Low priorityThe Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
1 affected package
flask
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| flask | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2018-1000656
Low priorityThe Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be...
1 affected package
flask
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| flask | — | — | Not affected | Fixed | Fixed |