2 matches found
GHSA-7RXF-GVFG-47G4 Flask-CORS improper regex path matching vulnerability
corydolphin/flask-cors version 5.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...
CVE-2024-6839
CVE-2024-6839 is a confirmed issue in corydolphin/flask-cors 4.0.1 where improper regex path matching lets less restrictive CORS policies apply to sensitive endpoints due to priority bias toward longer regexes. The vulnerability can enable unauthorized cross-origin access to data or functionality...