CVE-2024-6221

Опубликовано: 18 авг. 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Низкий

Описание

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Ссылки

https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf
https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:corydolphin:flask-cors:4.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00637

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

CVE-2024-6221

CVSS3: 7.5

ubuntu

больше 1 года назад

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

CVE-2024-6221

CVSS3: 7.5

debian

больше 1 года назад

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Ac ...

GHSA-hxwh-jpp2-84pm

CVSS3: 7.5

github

больше 1 года назад

Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

BDU:2024-07531

CVSS3: 6.5

fstec

больше 1 года назад

Уязвимость реализации механизма CORS хранилища программных продуктов языка Python PyPi, позволяющая нарушителю раскрыть защищаемую информацию

ROS-20250912-09

CVSS3: 6.5

redos

4 месяца назад

Множественные уязвимости python3-flask-cors

EPSS

Процентиль: 70%

0.00637

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other