Safety vulnerability ID: 76242
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of the flask-cors package are vulnerable to Improper Input Validation due to inconsistent URL path handling when processing the '+' character. The package incorrectly uses the unquote_plus function on request.path, which converts '+' characters to spaces, resulting in path normalization errors that prevent proper CORS policy matching for endpoints containing '+' symbols. An attacker can exploit this vulnerability by accessing endpoints with '+' characters in their paths to bypass intended CORS restrictions or cause legitimate cross-origin requests to be incorrectly blocked, potentially exposing sensitive data to unauthorized origins or disrupting application functionality.
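The normalization error described above, reproduced as an added example that is a simplified model and not flask-cors code: the rule list, helper names and sample paths are constructed for illustration, and only `unquote_plus` comes from the advisory text. It reports which paths resolve to a different CORS rule once '+' is rewritten to a space.

```python
import re
from urllib.parse import unquote_plus

# Constructed rules, most specific first: (path regex, allowed origins).
RULES = [
    (r"/files/c\+\+/.*", {"https://internal.example"}),
    (r"/files/.*", {"*"}),
]


def as_received(path):
    # The framework has already percent-decoded the path, so '+' is a literal plus.
    return path


def match_origins(path, normalize, rules=RULES):
    """Allowed origins of the first rule that matches the normalized path, or None."""
    candidate = normalize(path)
    for pattern, origins in rules:
        if re.fullmatch(pattern, candidate):
            return origins
    return None


def paths_with_changed_policy(paths, rules=RULES):
    """Paths whose matched rule differs once unquote_plus rewrites '+' to a space."""
    return [
        p for p in paths
        if match_origins(p, unquote_plus, rules) != match_origins(p, as_received, rules)
    ]


if __name__ == "__main__":
    for p in ["/files/c++/notes.txt", "/files/readme.txt"]:
        print(p, match_origins(p, as_received), match_origins(p, unquote_plus))
```

With both rules present the '+' path falls through to the broader rule; with only the first rule it matches nothing, which is the incorrectly blocked case.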
Latest version: 6.0.1
A Flask extension simplifying CORS support