fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers

[Snyk:Low] Flask-cors (Due: 07/23/2024) #5806

Closed cnlucas closed 3 months ago

cnlucas commented 6 months ago

What we’re after

flask-cors Log Injection Detailed paths

Introduced through: project@0.0.0 › flask-cors@3.0.10
Fix: No remediation path available. 

Security information Factors contributing to the scoring:

Snyk: [CVSS 3.1](https://security.snyk.io/vuln/SNYK-PYTHON-FLASKCORS-6670412) - Low Severity
NVD: Not available. NVD has not yet published its analysis.

Overview

Flask-Cors is a Flask extension adding a decorator for CORS support.

Affected versions of this package are vulnerable to Log Injection when the log level is set to debug. A user can inject or modify messages by abusing CRLF sequences in the request path of a GET request.

### Completion criteria

Tech step

Completion Criteria
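The advisory pasted above describes the general failure mode: a request path containing CR/LF reaches a debug log line unescaped, so one request can write what looks like several log entries. The following is an added example, not code from openFEC or from flask-cors, showing the defensive control an application can apply on its own side regardless of the extension's fix status: a `logging.Filter` that neutralizes control characters in every record before it is formatted, plus a small check that flags request paths carrying line breaks. The debug message format and the sample path are constructed assumptions, not taken from flask-cors.

```python
import io
import logging

# Printable escapes for the characters most often used to forge log lines.
_ESCAPES = {"\r": "\\r", "\n": "\\n", "\t": "\\t"}


def neutralize(text: str) -> str:
    """Return text with CR, LF, TAB and other ASCII control characters
    rendered as visible escapes, so a log consumer sees one line per record."""
    out = []
    for ch in text:
        if ch in _ESCAPES:
            out.append(_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def contains_line_breaks(path: str) -> bool:
    """Detection hook: True when a request path carries CR or LF, which is
    never legitimate in a URL path and is worth alerting on or rejecting."""
    return "\r" in path or "\n" in path


class CRLFNeutralizingFilter(logging.Filter):
    """Rewrite the message template and its arguments in place before the
    handler formats the record. Attached to a handler, it protects every
    logger (including third-party ones) whose records reach that handler."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = neutralize(str(record.msg))
        if record.args:
            if isinstance(record.args, dict):
                record.args = {k: neutralize(str(v)) for k, v in record.args.items()}
            else:
                record.args = tuple(neutralize(str(a)) for a in record.args)
        return True  # never drop the record, only sanitize it


def log_request_path(path: str, hardened: bool) -> str:
    """Emit one DEBUG record that interpolates an untrusted path (an assumed
    message shape, not flask-cors's own) and return the raw text the handler
    wrote, so the effect of the filter can be inspected."""
    logger = logging.getLogger("example.cors." + ("hardened" if hardened else "raw"))
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)

    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s: %(message)s"))
    if hardened:
        handler.addFilter(CRLFNeutralizingFilter())
    logger.addHandler(handler)

    logger.debug("Request to %s matches CORS resource %s", path, "/api/*")
    return buf.getvalue()


# Constructed sample: a path that embeds CRLF followed by text shaped like a
# second log entry. Without the filter it becomes two lines in the output.
SAMPLE_PATH = "/api/v1/candidates\r\nINFO example: forged entry"

if __name__ == "__main__":
    print("flagged:", contains_line_breaks(SAMPLE_PATH))
    print("--- without filter ---")
    print(log_request_path(SAMPLE_PATH, hardened=False), end="")
    print("--- with filter ---")
    print(log_request_path(SAMPLE_PATH, hardened=True), end="")
```

Attaching the filter to the handler rather than to a specific logger is the point of the design: records produced by flask-cors's own logger still pass through the application's handlers, so the sanitization applies even though the application does not control that library's logging calls.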

tmpayton commented 3 months ago

This snyk vulnerability will be remediated with this PR.