Skip to main content

Flask Cors

6 CVEs product

Monthly

CVE-2024-6866 PyPI HIGH POC PATCH This Week

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Flask Cors Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-6844 PyPI MEDIUM POC PATCH This Month

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Authentication Bypass Flask Cors Suse
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2024-6839 PyPI MEDIUM POC PATCH This Month

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Flask Cors Suse
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6221 PyPI HIGH POC PATCH This Week

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Python Flask Cors
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1681 PyPI MEDIUM POC PATCH This Month

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Flask Cors
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-25032 PyPI HIGH PATCH This Week

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Python Path Traversal Flask Cors Debian Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Flask Cors +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Authentication Bypass Flask Cors +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Flask Cors +1
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Python Flask Cors
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Flask Cors
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Python Path Traversal +4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy