Security Bulletin: Log Injection Vulnerability in orydolphin/flask-cors (Debug Logging) affects watsonx.data

Summary A vulnerability in orydolphin/flask-cors allows attackers to inject malicious log entries when debug logging is enabled. By sending specially crafted requests containing CRLF sequences, an attacker can corrupt or forge log entries, potentially obscuring other attacks or disrupting log...

python311-Flask-Cors-6.0.2-1.1 on GA media (moderate)

python311-Flask-Cors-6.0.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10485-1 Rating: moderate Cross-References: CVE-2024-6839 CVE-2024-6844 CVE-2024-6866 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all securit...

OPENSUSE-SU-2026:10485-1 python311-Flask-Cors-6.0.2-1.1 on GA media

These are all security issues fixed in the python311-Flask-Cors-6.0.2-1.1 package on the GA media of openSUSE Tumbleweed...

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to Flask-Cors

Summary Flask-Cors is used by IBM Cloud Pak for Data System to handle Cross-Origin Resource Sharing CORS for web applications. Multiple vulnerabilities affect Flask-Cors path matching functionality. CVE-2024-6866 involves case-insensitive path matching that can allow unauthorized origins to acces...

Mageia: Security Advisory (MGASA-2025-0286)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2025-0286 Updated python-flask-cors packages fix security vulnerabilities

Log Injection Vulnerability in corydolphin/flask-cors. CVE-2024-1681 Improper Access Control in corydolphin/flask-cors. CVE-2024-6221 Improper Regex Path Matching in corydolphin/flask-cors. CVE-2024-6839 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors...

Updated python-flask-cors packages fix security vulnerabilities

Log Injection Vulnerability in corydolphin/flask-cors. CVE-2024-1681 Improper Access Control in corydolphin/flask-cors. CVE-2024-6221 Improper Regex Path Matching in corydolphin/flask-cors. CVE-2024-6839 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors...

EUVD-2020-0080

Malware in sbrugna...

EUVD-2025-6972

Malicious code in bioql PyPI...

EUVD-2025-6979

Malicious code in bioql PyPI...

EUVD-2024-0061

Malicious code in bioql PyPI...

EUVD-2025-6973

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-6844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The...

Linux Distros Unpatched Vulnerability : CVE-2024-6839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific one...

Linux Distros Unpatched Vulnerability : CVE-2024-6866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case- insensitive due to the use of the trymatch function, which...

OESA-2025-1938 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...

Ubuntu: Security Advisory (USN-7612-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Flask-CORS vulnerabilities (USN-7612-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7612-1 advisory. It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could...

USN-7612-1 python-flask-cors vulnerabilities

It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could possibly use this issue to leak sensitive information or bypass authentication mechanisms. CVE-2024-6839 It was discovered that Flask-CORS allowed certain CORS headers to be enabled by...

USN-7612-1: Flask-CORS vulnerabilities

It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could possibly use this issue to leak sensitive information or bypass authentication mechanisms. CVE-2024-6839 It was discovered that Flask-CORS allowed certain CORS headers to be enabled by...