mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-08 05:29:22 +00:00
Code Issues Projects Releases Wiki Activity

python3-flask-cors: Fix CVE-2024-6221

Browse Source 
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the
`Access-Control-Allow-Private-Network` CORS header to be set to true
by default, without any configuration option. This behavior can expose
private network resources to unauthorized external access, leading to
significant security risks such as data breaches, unauthorized access
to sensitive information, and potential network intrusions.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6221

Upsteam-Patch:
https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Soumya Sambu
2024-09-03 12:52:59 +00:00
committed by Khem Raj
parent 37a9f61879
commit dadb8790bd
2 changed files with 114 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-flask-cors_4.0.0.bb
+4
View File
@@ -9,6 +9,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=118fecaa576ab51c1520f95e98db61ce"
PYPI_PACKAGE = "Flask-Cors"
SRC_URI += " \
file://CVE-2024-6221.patch \
"
SRC_URI[sha256sum] = "f268522fcb2f73e2ecdde1ef45e2fd5c71cc48fe03cffb4b441c6d1b40684eb0"
inherit pypi setuptools3