Workflow

PyPi: Cornflow

CVE-2024-1681

Transitive

Safety vulnerability ID: 71025

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 19, 2024 Updated at Oct 31, 2024
Scan your Python projects for vulnerabilities →

Advisory

Cornflow version 1.0.11 updates its `flask-cors` dependency from version 3.0.10 or lower to version 4.0.1 or lower in response to CVE-2024-1681.

Affected package

cornflow

Latest version: 1.1.2

Cornflow is an open source multi-solver optimization server with a REST API built using flask.

Affected versions

Fixed versions

Vulnerability changelog

---------------

- released: 2024-05-10
- description: release to fix security vulnerabilities
- changelog:
- Upgraded flask-cors version to 4.0.1
- Upgraded Werkzeug version to 3.0.3
- Upgraded Airflow to version 2.9.1
- Fixed Werkzeug version on airflow image to 3.0.3

What's Changed
* Added codecov token for upload of results by ggsdc in https://github.com/baobabsoluciones/cornflow/pull/520
* Docs/update by ggsdc in https://github.com/baobabsoluciones/cornflow/pull/521
* Changes needed due to security reasons. by ggsdc in https://github.com/baobabsoluciones/cornflow/pull/529


**Full Changelog**: https://github.com/baobabsoluciones/cornflow/compare/v1.0.10...v1.0.11

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application