Decrypt LOL

Vulnerabilities Identified in flask-cors Library

🛠️ Multiple vulnerabilities discovered in the flask-cors library. A recent code review of flask-cors, the Flask extension that adds CORS headers to responses, found four vulnerabilities in version 4.0.1, three of them in how request paths are matched against CORS rules. The first is a default that emits the Access-Control-Allow-Private-Network header with the value true, so a page on the public internet can be allowed to make cross-origin requests to an application on a private network without the operator ever opting in. The second is the handling of the "+" character in URL paths: "+" is decoded as a space when the request path is normalised, so a rule written for a path containing "+" can fail to match the request it was meant to cover. The third is improper ordering of regex rules, so a broader pattern can match before a more specific one and the specific rule's restrictions are never applied. The fourth is case-insensitive path matching, which can apply a rule to a path whose case differs from the one the rule was written for, even though the application itself treats those paths as distinct. Projects pinning version 4.0.1 should upgrade to a later release that addresses these issues. The findings highlight the importance of thorough code audits, even in smaller libraries.