Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Log Injection Vulnerability in corydolphin/flask-cors
Vulnerability Description
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.
CVSS Information
N/A
Vulnerability Type
日志输出的转义处理不恰当
Vulnerability Title
Flask-CORS 安全漏洞
Vulnerability Description
Flask-CORS是Flask的跨源资源共享组件。 Flask-CORS 存在安全漏洞,该漏洞源于当日志级别设置为 debug 时,容易受到日志注入攻击,攻击者利用该漏洞可以在请求路径中发送包含 CRLF 序列的特制 GET 请求,将虚假日志条目注入到日志文件中。
CVSS Information
N/A
Vulnerability Type
N/A