CVE-2024-1681 in flask-cors정보

요약

\~에 의해 MITRE • 2024. 04. 19.

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

Huntr.dev

예약하다

2024. 02. 20.

모더레이션

수락

항목

VDB-261654

EPSS

0.00574

출처

Do you know our Splunk app?

Download it now for free!