It was discovered that Flask-CORS did not properly escape paths before evaluating resource rules. An attacker could possibly use this to expose sensitive information.
{ "availability": "No subscription required", "binaries": [ { "python3-flask-cors": "3.0.8-2ubuntu0.1" } ] }