corydolphin / flask-cors

Cross Origin Resource Sharing (CORS) support for Flask
https://flask-cors.readthedocs.io/en/latest/index.html
MIT License
884 stars 139 forks

Update extension.py to escape request.path before logging it #350

Closed aneshujevic closed 5 months ago

aneshujevic commented 5 months ago

Hi @corydolphin

In this PR I've used Python's repr method to escape special characters and print them as ordinary characters as a bugfix for CVE-2024-1681 - https://nvd.nist.gov/vuln/detail/CVE-2024-1681.

This should resolve #349.
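
An added illustration, not code from flask-cors or from this PR: the sketch below logs a request path containing CR/LF once as-is and once passed through `repr()`, and counts how many entries a line-oriented log reader would see. The logger name, message format and sample path are constructed for the example.

```python
import io
import logging

# Constructed sample: a request path carrying CR/LF followed by text shaped
# like a log entry. Not taken from the PR or the CVE record.
CONSTRUCTED_PATH = "/api/items\r\nINFO:demo:User admin logged in successfully"


def render_log(path, escape):
    """Log one request path through a fresh handler and return the text written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    logger = logging.getLogger("demo")  # hypothetical logger name
    logger.handlers = [handler]
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    # Unescaped: control characters in the path reach the log sink verbatim.
    # Escaped: repr() renders them as the visible sequences \r and \n.
    logger.debug("Request to %s", repr(path) if escape else path)
    handler.flush()
    return stream.getvalue()


def count_entries(log_text):
    """Count the lines a line-oriented log reader would treat as entries."""
    return len([line for line in log_text.splitlines() if line.strip()])


if __name__ == "__main__":
    for escape in (False, True):
        text = render_log(CONSTRUCTED_PATH, escape)
        print(f"escape={escape}: {count_entries(text)} entr(y/ies)")
        print(text, end="")
```
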