Date: Sat, 28 Dec 2024 13:57:50 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 283689] py-Flask-Cors outdated and has CVE: CVE-2020-25032
Message-ID: <bug-283689-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283689

            Bug ID: 283689
           Summary: py-Flask-Cors outdated and has CVE: CVE-2020-25032
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: ben@altesco.nl

This has been reported for quite a while now:

# pkg audit -F
vulnxml file up-to-date
py311-Flask-Cors-3.0.8_1 is vulnerable:
  py-Flask-Cors -- directory traversal vulnerability
  CVE: CVE-2020-25032
  WWW: https://vuxml.FreeBSD.org/freebsd/252f40cb-618c-47f4-a2cf-1abf30cffbbe.html

There have been quite a few new releases (possibly breaking?):
https://github.com/corydolphin/flask-cors/releases

Would it be possible for the maintainer (stiginge@pvv.org) to update the port?

Thanks,
Ben

-- 
You are receiving this mail because:
You are the assignee for the bug.