DirectorySecurity Advisories
Sign In
Security Advisories

CGA-vqr9-gw75-6v3w

Published

Last updated

https://images.chainguard.dev/security/CGA-vqr9-gw75-6v3w
Package

py3-flask-cors

Latest Update
Fixed
Fixed Version

4.0.1-r0

Aliases
  • CVE-2024-1681
  • GHSA-84pr-m4jr-85g5

Severity

5.3

Medium

CVSS V3

Summary

flask-cors vulnerable to log injection when the log level is set to debug

Description

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation