CVE-2019-5630

This allows attackers to exploit Cross-Site Request Forgery (CSRF) vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.
Source: NIST
CVE-2019-5630