Fix CVE-2024-1681
(cherry picked from commit 9c2bd2fd623ad4794bb5c103ffb99cd3c9e3bdd7)
This commit is contained in:
starlet-dx
openeuler-sync-bot
parent
c27e649273
commit
ef2eb684a4
24
CVE-2024-1681.patch
Normal file
24
CVE-2024-1681.patch
Normal file
@ -0,0 +1,24 @@
|
||||
From 6172c2000dba965fedb8e9a8a916ad56f0fb2630 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Anes=20Hujevi=C4=87?= <anes1996_h@hotmail.com>
|
||||
Date: Sat, 4 May 2024 21:28:47 +0200
|
||||
Subject: [PATCH] Update extension.py to clean request.path before logging it
|
||||
(#351)
|
||||
|
||||
* Update extension.py to use string format specifier for cleaning request.path
|
||||
---
|
||||
flask_cors/extension.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/flask_cors/extension.py b/flask_cors/extension.py
|
||||
index 6f76995..6361dcc 100644
|
||||
--- a/flask_cors/extension.py
|
||||
+++ b/flask_cors/extension.py
|
||||
@@ -193,7 +193,7 @@ def cors_after_request(resp):
|
||||
normalized_path = unquote_plus(request.path)
|
||||
for res_regex, res_options in resources:
|
||||
if try_match(normalized_path, res_regex):
|
||||
- LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
|
||||
+ LOG.debug("Request to '%r' matches CORS resource '%s'. Using options: %s",
|
||||
request.path, get_regexp_pattern(res_regex), res_options)
|
||||
set_cors_headers(resp, res_options)
|
||||
break
|
||||
@ -1,11 +1,13 @@
|
||||
%global _empty_manifest_terminate_build 0
|
||||
Name: python-Flask-Cors
|
||||
Version: 4.0.0
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: A Flask extension adding a decorator for CORS support
|
||||
License: MIT
|
||||
URL: https://github.com/corydolphin/flask-cors
|
||||
Source0: https://files.pythonhosted.org/packages/c8/b0/bd7130837a921497520f62023c7ba754e441dcedf959a43e6d1fd86e5451/Flask-Cors-4.0.0.tar.gz
|
||||
# https://github.com/corydolphin/flask-cors/commit/6172c2000dba965fedb8e9a8a916ad56f0fb2630
|
||||
Patch0: CVE-2024-1681.patch
|
||||
BuildArch: noarch
|
||||
|
||||
Requires: python3-Flask
|
||||
@ -30,7 +32,7 @@ Provides: python3-Flask-Cors-doc
|
||||
A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
|
||||
|
||||
%prep
|
||||
%autosetup -n Flask-Cors-4.0.0
|
||||
%autosetup -n Flask-Cors-4.0.0 -p1
|
||||
|
||||
%build
|
||||
%py3_build
|
||||
@ -70,6 +72,9 @@ mv %{buildroot}/doclist.lst .
|
||||
%{_docdir}/*
|
||||
|
||||
%changelog
|
||||
* Tue May 28 2024 yaoxin <yao_xin001@hoperun.com> - 4.0.0-2
|
||||
- Fix CVE-2024-1681
|
||||
|
||||
* Tue Jul 11 2023 chenzixuan <chenzixuan@kylinos.cn> - 4.0.0-1
|
||||
- upgrade to 4.0.0
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user