Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 13 of 13 results


CVE-2020-25032

Medium priority

Some fixes available 1 of 2

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

1 affected packages

python-flask-cors

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-flask-cors Not affected Fixed Not in release Not in release
Show less packages

CVE-2019-1010083

Low priority
Needs evaluation

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

1 affected packages

flask

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flask Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2018-1000656

Low priority
Fixed

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be...

1 affected packages

flask

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flask Not affected Fixed Fixed
Show less packages