python3-flask-cors: Fix CVE-2024-6221 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-09-03 12:52:59 +0000
committer	Khem Raj <raj.khem@gmail.com>	2024-09-03 07:05:13 -0700
commit	dadb8790bdf59463ab41ebb65f87e659eafa5664 (patch)
tree	131255061e8c101394fee5c7cf52831d652618b3 /meta-python/recipes-devtools/python/python3-matplotlib
parent	37a9f61879b4610c5824a2dbd95b5f3391840803 (diff)
download	meta-openembedded-dadb8790bdf59463ab41ebb65f87e659eafa5664.tar.gz

python3-flask-cors: Fix CVE-2024-6221

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. References: https://nvd.nist.gov/vuln/detail/CVE-2024-6221 Upsteam-Patch: https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-matplotlib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: