Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk:Low] Flask-cors (Due: 07/23/2024) #5806

Closed
2 tasks
cnlucas opened this issue Apr 24, 2024 · 1 comment
Closed
2 tasks

[Snyk:Low] Flask-cors (Due: 07/23/2024) #5806

cnlucas opened this issue Apr 24, 2024 · 1 comment
Assignees
@tmpayton
Labels
Security: general General security concern or issue Security: low Remediate within 90 days
Milestone
25.5

Comments

@cnlucas
Copy link
Member

cnlucas commented Apr 24, 2024
edited by tmpayton
Loading

What we’re after

flask-cors Log Injection
Detailed paths

Introduced through: [email protected][email protected]
Fix: No remediation path available.

Security information
Factors contributing to the scoring:

Snyk: [CVSS 3.1](https://security.snyk.io/vuln/SNYK-PYTHON-FLASKCORS-6670412) - Low Severity
NVD: Not available. NVD has not yet published its analysis.

Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview

Flask-Cors is an A Flask extension adding a decorator for CORS support

Affected versions of this package are vulnerable to Log Injection when the log level is set to debug. A user can inject or modify messages by abusing CRLF sequences in the request path of a GET request.### Completion criteria

Tech step

  • Upgrade flask-cors

Completion Criteria

  • We are no longer getting a snyk error
@cnlucas cnlucas added Security: low Remediate within 90 days Security: general General security concern or issue labels Apr 24, 2024
@cnlucas cnlucas added this to the 25.5 milestone Apr 24, 2024
@cnlucas cnlucas mentioned this issue Apr 24, 2024
Closed
2 tasks
This was referenced May 1, 2024
Closed
Closed
@tmpayton tmpayton moved this to 🔨 Pre-refinement in Website project Jul 3, 2024
@tmpayton tmpayton moved this from 🔨 Pre-refinement to 🔜 Sprint backlog in Website project Jul 3, 2024
@tmpayton tmpayton self-assigned this Jul 9, 2024
@tmpayton tmpayton moved this from 🔜 Sprint backlog to 📥 Assigned in Website project Jul 9, 2024
@tmpayton
Copy link
Contributor

This snyk venerability will be remediated with this PR.

@github-project-automation github-project-automation bot moved this from 📥 Assigned to ✅ Done in Website project Jul 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tmpayton tmpayton

Labels
Security: general General security concern or issue Security: low Remediate within 90 days
Projects
Website project
Status: ✅ Done
Milestone
25.5
Development

No branches or pull requests
2 participants
@cnlucas @tmpayton