python3-flask-cors: Fix CVE-2024-6221 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2024-09-03 12:52:59 +0000
committer	Armin Kuster <akuster808@gmail.com>	2024-09-09 15:14:48 -0400
commit	f88706fe2f81f7ec6c98e6313acbefc89370bcb5 (patch)
tree	3ccf1d6af15478a8de09bb5c810ae9e654cd35f1 /meta-python/recipes-networking/python
parent	3750a3439399b06688191fd49052d0efbd501c06 (diff)
download	meta-openembedded-f88706fe2f81f7ec6c98e6313acbefc89370bcb5.tar.gz

python3-flask-cors: Fix CVE-2024-6221

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. References: https://nvd.nist.gov/vuln/detail/CVE-2024-6221 Upsteam-Patch: https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-networking/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: