11 matches found
Astra Linux - vulnerability in curl
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take ‘issuercert’ into account, and it compared the involved paths case insensitively, which could...
Updated python-flask-cors packages fix security vulnerabilities
Log Injection Vulnerability in corydolphin/flask-cors. CVE-2024-1681 Improper Access Control in corydolphin/flask-cors. CVE-2024-6221 Improper Regex Path Matching in corydolphin/flask-cors. CVE-2024-6839 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors...
Linux Distros Unpatched Vulnerability : CVE-2021-22924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, th...
Linux Distros Unpatched Vulnerability : CVE-2024-6866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which...
OESA-2025-1981 python-Flask-Cors security update
A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...
OESA-2025-1939 python-Flask-Cors security update
A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...
CVE-2024-6866
corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...
CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors
corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...
CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors
corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...
CVE-2024-6866
CVE-2024-6866 concerns corydolphin/flask-cors. The issue arises from using the host-oriented try_match for path matching, making path comparisons effectively case-insensitive while URLs are case-sensitive. This can allow unauthorized origins to access restricted paths and potentially expose data....
ALPINE-CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead ...