[Bug 283689] py-Flask-Cors outdated and has CVE: CVE-2020-25032
Date: Sat, 28 Dec 2024 13:57:50 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283689

            Bug ID: 283689
           Summary: py-Flask-Cors outdated and has CVE: CVE-2020-25032
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: ben@altesco.nl

This has been reported for quite a while now:

# pkg audit -F
vulnxml file up-to-date
py311-Flask-Cors-3.0.8_1 is vulnerable:
  py-Flask-Cors -- directory traversal vulnerability
  CVE: CVE-2020-25032
  WWW: https://vuxml.FreeBSD.org/freebsd/252f40cb-618c-47f4-a2cf-1abf30cffbbe.html

There have been quite a few new releases (possibly breaking?):
https://github.com/corydolphin/flask-cors/releases

Would it be possible for the maintainer (stiginge@pvv.org) to update the port?

Thanks,
Ben