CGA-4pc5-5847-jhc5

Published

Last updated

https://images.chainguard.dev/security/CGA-4pc5-5847-jhc5

Package

py3-flask-cors

Latest Update

Fixed

Fixed Version

4.0.2-r0

Aliases

Severity

7.5

High

CVSS V3

Summary

Flask-CORS allows the Access-Control-Allow-Private-Network CORS header to be set to true by default

Description

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-4pc5-5847-jhc5

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources