DirectorySecurity Advisories
Sign In
Security Advisories

CGA-29fc-3hfx-348c

Published

Last updated

https://images.chainguard.dev/security/CGA-29fc-3hfx-348c
Package

kubeflow-jupyter-web-app

Latest Update
Fixed
Fixed Version

1.8.0-r7

Aliases
  • CVE-2024-1681
  • GHSA-84pr-m4jr-85g5

Severity

5.3

Medium

CVSS V3

Summary

flask-cors vulnerable to log injection when the log level is set to debug

Description

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation