
4 matches found

Debian CVE
added 2025/03/20 10:10 a.m., 8 views

CVE-2024-6866

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

CVSS 7.5, AI score 5.9, EPSS 0.00066
Exploits: 1
Cvelist
added 2025/03/20 10:10 a.m., 11 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

CVSS 5.3, EPSS 0.00066
Exploits: 1, References: 1
Vulnrichment
added 2025/03/20 10:10 a.m., 5 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

CVSS 5.3, AI score 5.3, EPSS 0.00066
Exploits: 1, References: 1
CVE
added 2025/03/20 10:10 a.m., 200 views

CVE-2024-6866

CVE-2024-6866 concerns corydolphin/flask-cors. The issue arises from using the host-oriented try_match for path matching, making path comparisons effectively case-insensitive while URLs are case-sensitive. This can allow unauthorized origins to access restricted paths and potentially expose data....

CVSS 7.5, AI score 5.3, EPSS 0.00066
Exploits: 1, References: 2, Affected Software: 1