
14 matches found

Mageia
added 2025/11/13 6:3 p.m. | 18 views

Updated python-flask-cors packages fix security vulnerabilities

Log Injection Vulnerability in corydolphin/flask-cors (CVE-2024-1681). Improper Access Control in corydolphin/flask-cors (CVE-2024-6221). Improper Regex Path Matching in corydolphin/flask-cors (CVE-2024-6839). Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors...

7.5 CVSS | 5.8 AI score | 0.00677 EPSS
Exploits 5 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-6973

Malicious code in bioql PyPI...

5.3 CVSS | 4.9 AI score | 0.00652 EPSS
Exploits 1 | References 5

OSV
added 2025/08/01 1:3 p.m. | 3 views

OESA-2025-1939 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...

7.5 CVSS | 6.7 AI score | 0.00652 EPSS
Exploits 3 | References 4

OSV
added 2025/08/01 1:3 p.m. | 6 views

OESA-2025-1938 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...

7.5 CVSS | 6.7 AI score | 0.00652 EPSS
Exploits 3 | References 4

Debian
added 2025/05/31 2:30 a.m. | 12 views

[SECURITY] [DLA 4197-1] python-flask-cors security update

Debian LTS Advisory DLA-4197-1 [email protected]
https://www.debian.org/lts/security/ Daniel Leidert
May 31, 2025 https://wiki.debian.org/LTS

Package : python-flask-cors
Version : 3.0.9-2+deb11u1
CVE ID : CVE-2024-1681 CVE-2024-6839 CVE-2024-6844 CVE-2024-6866
Debian Bug : 1069764 11009...

7.5 CVSS | 6.3 AI score | 0.00652 EPSS
Exploits 4

RedhatCVE
added 2025/03/20 3:58 p.m. | 6 views

CVE-2024-6839

A flaw was found in flask-cors. This vulnerability allows unauthorized cross-origin access to sensitive data or functionality via improper regex path matching, prioritizing longer patterns over more specific ones. This issue leads to less restrictive CORS policies being applied to sensitive...

4.3 CVSS | 6.6 AI score | 0.00652 EPSS
Exploits 1 | References 4

Snyk
added 2025/03/20 12:32 p.m. | 7 views

Improper Verification of Source of a Communication Channel

Overview: Flask-Cors is a Flask extension adding a decorator for CORS support. Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel due to improper application of regex path matching rules. An attacker can gain unauthorized cross-origin...

6.9 CVSS | 6.8 AI score | 0.00652 EPSS
Exploits 1 | References 2

NVD
added 2025/03/20 10:15 a.m. | 5 views

CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3 CVSS | 0.00652 EPSS
Exploits 1 | References 2

OSV
added 2025/03/20 10:15 a.m. | 2 views

UBUNTU-CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3 CVSS | 6.8 AI score | 0.00652 EPSS
Exploits 1 | References 4

Debian CVE
added 2025/03/20 10:9 a.m. | 5 views

CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

5.3 CVSS | 5.6 AI score | 0.00652 EPSS
Exploits 1

Cvelist
added 2025/03/20 10:9 a.m. | 28 views

CVE-2024-6839 Improper Regex Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

4.3 CVSS | 0.00652 EPSS
Exploits 1 | References 1

Vulnrichment
added 2025/03/20 10:9 a.m. | 7 views

CVE-2024-6839 Improper Regex Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex...

4.3 CVSS | 4.6 AI score | 0.00652 EPSS
Exploits 1 | References 1

CNNVD
added 2025/03/20 12:0 a.m. | 4 views

Flask-CORS security vulnerability

Flask-CORS is a cross-origin resource sharing component for Flask by the individual developer Cory Dolphin. A security vulnerability exists in Flask-CORS version 4.0.1, which stems from improperly matched regular expression paths and could lead to improperly applied cross-domain resource sharing...

5.3 CVSS | 5.2 AI score | 0.00652 EPSS
Exploits 1 | References 2

Positive Technologies
added 2024/05/12 12:0 a.m. | 4 views

PT-2024-6445

Name of the Vulnerable Software and Affected Versions: corydolphin/flask-cors versions 4.0.1; corydolphin/flask-cors version 5.0.1. Description: The software contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching path...

7.5 CVSS | 6.4 AI score | 0.00677 EPSS
Exploits 5 | References 42