VYPR
High severityNVD Advisory· Published Aug 31, 2020· Updated Aug 4, 2024

CVE-2020-25032

CVE-2020-25032

Description

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Flask-CorsPyPI
< 3.0.93.0.9

Affected products

180

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.