CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

Linux Distros Unpatched Vulnerability : CVE-2024-6221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior...

PYSEC-2024-260

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...

CVE-2024-6221

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...

PYSEC-2024-71

A vulnerability in corydolphin/flask-cors up to version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant...

PT-2024-6445

Name of the Vulnerable Software and Affected Versions corydolphin/flask-cors versions 4.0.1 corydolphin/flask-cors version 5.0.1 Description The software contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching path...

UBUNTU-CVE-2024-1681

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVE-2024-1681 Log Injection Vulnerability in corydolphin/flask-cors

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVE-2024-1681 Log Injection Vulnerability in corydolphin/flask-cors

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

PT-2024-18217

Name of the Vulnerable Software and Affected Versions corydolphin/flask-cors affected versions not specified Description The issue is due to improper output neutralization for logs, allowing log injection when the log level is set to debug. An attacker can inject fake log entries into the log fil...