exploitDog

CVE-2024-6221

Published: 18 Aug 2024
Source: debian
EPSS: Low

Description

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.
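As an added example (not code from the advisory or from the flask-cors project), the check below audits a CORS preflight exchange for the condition described above: a response that grants private-network access even though the browser never asked for it. It uses the standard Private Network Access header names; the sample exchanges are constructed to model the 4.0.1 default described above and the post-fix default, not captured from a real deployment.

```python
from typing import Dict, List

# Standard Private Network Access (PNA) headers: the browser sends the
# request header on preflight, the server answers with the response header.
PNA_REQ = "Access-Control-Request-Private-Network"
PNA_RESP = "Access-Control-Allow-Private-Network"


def _get(headers: Dict[str, str], name: str) -> str:
    # HTTP header names are case-insensitive, so match them that way.
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""


def audit_preflight(request_headers: Dict[str, str],
                    response_headers: Dict[str, str]) -> List[str]:
    """Return findings for one OPTIONS preflight; an empty list means no PNA exposure."""
    findings: List[str] = []
    if _get(response_headers, PNA_RESP).lower() != "true":
        return findings  # header absent or "false": nothing granted
    findings.append("private-network access granted")
    if _get(request_headers, PNA_REQ).lower() != "true":
        # Granted although the browser never requested it: the default-on
        # behaviour the advisory describes for flask-cors 4.0.1.
        findings.append("granted without a matching request header (default-on)")
    if _get(response_headers, "Access-Control-Allow-Origin") == "*":
        findings.append("combined with wildcard origin: any public site may reach it")
    if _get(response_headers, "Access-Control-Allow-Credentials").lower() == "true":
        findings.append("combined with credentials")
    return findings


# Constructed sample exchanges (illustrative, not captured traffic).
PUBLIC_PREFLIGHT = {"Origin": "https://public.example",
                    "Access-Control-Request-Method": "GET"}
VULNERABLE_DEFAULT = {  # models the 4.0.1 default: PNA granted unasked
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Private-Network": "true",
}
FIXED_DEFAULT = {  # models the fixed default: PNA header not emitted
    "Access-Control-Allow-Origin": "*",
}

if __name__ == "__main__":
    for label, resp in (("4.0.1 default", VULNERABLE_DEFAULT), ("fixed default", FIXED_DEFAULT)):
        print(label, "->", audit_preflight(PUBLIC_PREFLIGHT, resp) or "clean")
```

The same function can be run over preflight responses captured from any backend, not only Flask, to find services that still grant private-network access by default.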

Packages

Package             Status         Fixed version   Release    Type
python-flask-cors   fixed          5.0.0-1                    package
python-flask-cors   not-affected                   bookworm   package
python-flask-cors   not-affected                   bullseye   package

Notes

  • https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d

  • https://github.com/corydolphin/flask-cors/issues/337

  • https://github.com/advisories/GHSA-hxwh-jpp2-84pm

  • https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec (4.0.2)

  • https://github.com/corydolphin/flask-cors/commit/c8514760cf03fcce16d77f6db7007aad429c4548 (5.0.0, follow-up)

EPSS

Score: 0.00637 (percentile: 70%)
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 1 year ago

CVSS3: 7.5
nvd
more than 1 year ago

CVSS3: 7.5
github
more than 1 year ago

Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

CVSS3: 6.5
fstec
more than 1 year ago

A vulnerability in the CORS mechanism implementation in the Python package repository PyPI, allowing an attacker to disclose protected information

CVSS3: 6.5
redos
4 months ago

Multiple vulnerabilities in python3-flask-cors
