Lucene search
PRIOn knowledge basePRION:CVE-2020-25032HistoryAug 31, 2020 - 4:15 a.m.
Directory traversal
2020-08-3104:15:00
PRIOn knowledge base
www.prio-n.com
8
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows …/ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| flask-cors | lt | 3.0.9 | |
| backports_sle | eq | 15.0 sp1 | |
| backports_sle | eq | 15.0 sp2 | |
| leap | eq | 15.1 | |
| leap | eq | 15.2 |
References
lists.opensuse.org/opensuse-security-announce/2020-09/msg00028.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00032.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00039.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00048.html
github.com/corydolphin/flask-cors/releases/tag/3.0.9
www.debian.org/security/2020/dsa-4775
Related
suse
suse
Security update for python-Flask-Cors (moderate)
2020-09-09 00:00:00
Security update for python-Flask-Cors (moderate)
2020-09-18 00:00:00
Security update for python-Flask-Cors (moderate)
2020-09-12 00:00:00
osv
osv
Flask-Cors Directory Traversal vulnerability
2021-05-06 18:51:48
python-flask-cors - security update
2020-10-19 00:00:00
CVE-2020-25032
2020-08-31 04:15:12
openvas
openvas
Debian: Security Advisory (DSA-4775-1)
2020-10-22 00:00:00
openSUSE: Security Advisory for python-Flask-Cors (openSUSE-SU-2020:1393-1)
2020-09-10 00:00:00
Ubuntu: Security Advisory (USN-6019-1)
2023-04-14 00:00:00
cvelist
cvelist
CVE-2020-25032
2020-08-31 03:57:28
ubuntucve
ubuntucve
CVE-2020-25032
2020-08-31 00:00:00
debian
debian
[SECURITY] [DSA 4775-1] python-flask-cors security update
2020-10-19 19:25:34
[SECURITY] [DSA 4775-1] python-flask-cors security update
2020-10-19 19:25:34
github
github
Flask-Cors Directory Traversal vulnerability
2021-05-06 18:51:48
freebsd
freebsd
py-Flask-Cors -- directory traversal vulnerability
2020-08-31 00:00:00
nessus
nessus
FreeBSD : py-Flask-Cors -- directory traversal vulnerability (252f40cb-618c-47f4-a2cf-1abf30cffbbe)
2023-08-31 00:00:00
Debian DSA-4775-1 : python-flask-cors - security update
2020-10-21 00:00:00
openSUSE Security Update : python-Flask-Cors (openSUSE-2020-1393)
2020-09-11 00:00:00
ibm
ibm
nvd
nvd
CVE-2020-25032
2020-08-31 04:15:12
debiancve
debiancve
CVE-2020-25032
2020-08-31 04:15:12
veracode
veracode
Directory Traversal
2020-09-01 02:56:12
ubuntu
ubuntu
Flask-CORS vulnerability
2023-04-13 00:00:00
cve
cve
CVE-2020-25032
2020-08-31 04:15:12
redhatcve
redhatcve
CVE-2020-25032
2020-09-08 02:21:05