OESA-2025-1981 python-Flask-Cors security update

🗓️ 08 Aug 2025 11:16:42Reported by GoogleType

osv🔗 osv.dev👁 1 Views

Security fixes for Flask-Cors 4.0.1 address improper path matching and case insensitive path handling.

Reporter	Title	Published	Views	Family All 93
IBM Security Bulletins	Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.	2 Feb 202604:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to Flask-Cors	1 Apr 202609:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to CVE-2024-6866, CVE-2024-6839, CVE-2024-6.	1 Aug 202510:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844	1 Aug 202510:29	–	ibm
IBM Security Bulletins	Security Bulletin: Log Injection Vulnerability in orydolphin/flask-cors (Debug Logging) affects watsonx.data	8 Apr 202608:45	–	ibm
Chainguard	CVE-2024-6839 vulnerabilities	22 May 202501:14	–	cgr
Chainguard	CVE-2024-6844 vulnerabilities	22 May 202501:15	–	cgr
Chainguard	CVE-2024-6866 vulnerabilities	22 May 202501:15	–	cgr
Circl	CVE-2024-6839	20 Mar 202513:10	–	circl
Circl	CVE-2024-6844	23 May 202522:39	–	circl

Source	Link
openeuler	www.openeuler.org/zh/security/security-bulletins/detail/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-6839
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-6844
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-6866

03 Sep 2025 06:31Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.17.5

CVSS 35.3

EPSS0.00474

SSVC