A flaw was found in Flask-CORS (aka CORS Middleware for Flask). This issue allows the …/ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. The highest threat from this vulnerability is to confidentiality.