Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6972

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00281EPSS
Exploits1References5
OSV
OSV
added 2025/03/20 12:32 p.m.6 views

GHSA-8VGW-P6QM-5GR7 Flask-CORS allows for inconsistent CORS matching

A vulnerability in corydolphin/flask-cors version 5.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS5.4AI score0.00281EPSS
Exploits1References6
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS0.00281EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:15 a.m.2 views

DEBIAN-CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS5.9AI score0.00281EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/03/20 10:10 a.m.5 views

CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS5.9AI score0.00281EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2024-6844 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS5.5AI score0.00281EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.189 views

CVE-2024-6844

CVE-2024-6844 affects the package corydolphin/flask-cors (reported as 4.0.1). The issue arises from how URL path '+’ characters are handled: request.path is passed through unquote_plus, which converts '+' to a space. This causes incorrect path normalization and mismatches between requested paths ...

5.3CVSS5.5AI score0.00281EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.15 views

CVE-2024-6844 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS0.00281EPSS
Exploits1References1
Rows per page
Query Builder