
9 matches found

Positive Technologies
added 18 hours ago, 7 views

PT-2026-46962

sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

5.5 AI score
Exploits 0, References 5
ATTACKERKB
added 18 hours ago, 2 views

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

5.5 AI score
Exploits 0, References 5
CVE
added 18 hours ago, 3 views

CVE-2026-37737

Sanic-Cors (version 2.2.0 and earlier) is affected by an improper regular expression in the try_match() function of sanic_cors/core.py that uses re.match without end anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin strin...

5.5 AI score
Exploits 0, References 4
OSV
added 2025/08/08 11:16 a.m., 2 views

OESA-2025-1981 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...

7.5 CVSS, 6.7 AI score, 0.00474 EPSS
Exploits 3, References 4
SUSE CVE
added 2025/03/21 2:53 a.m., 1 views

SUSE CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3 CVSS, 6.7 AI score, 0.00474 EPSS
Exploits 1, References 3
OSV
added 2025/03/20 12:32 p.m., 7 views

GHSA-7RXF-GVFG-47G4 Flask-CORS improper regex path matching vulnerability

corydolphin/flask-cors version 5.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

4.3 CVSS, 4.3 AI score, 0.00474 EPSS
Exploits 1, References 6
OSV
added 2025/03/20 10:15 a.m., 1 views

DEBIAN-CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3 CVSS, 5.6 AI score, 0.00474 EPSS
Exploits 1, References 1
CVE
added 2025/03/20 10:9 a.m., 186 views

CVE-2024-6839

CVE-2024-6839 is a confirmed issue in corydolphin/flask-cors 4.0.1 where improper regex path matching lets less restrictive CORS policies apply to sensitive endpoints due to priority bias toward longer regexes. The vulnerability can enable unauthorized cross-origin access to data or functionality...

5.3 CVSS, 4.6 AI score, 0.00474 EPSS
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2024/09/18 2:47 p.m., 17 views

CVE-2022-25769 Improper regex in htaccess file

Impact: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path...

7.2 CVSS, 7 AI score, 0.00119 EPSS
Exploits 0, References 2