
exploitDog

CVE-2024-6221

Published: 18 Aug 2024
Source: ubuntu
Priority: medium
CVSS3: 7.5

Description

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

| Release | Status | Note |
|---|---|---|
| devel | not-affected | 6.0.1-1 |
| esm-apps/focal | released | 3.0.8-2ubuntu0.1+esm1 |
| esm-apps/jammy | released | 3.0.9-2ubuntu0.1 |
| esm-apps/noble | released | 4.0.0-1ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needs-triage |
| jammy | released | 3.0.9-2ubuntu0.1 |
| noble | needed | |
| oracular | released | 4.0.1-1ubuntu0.1 |
| plucky | not-affected | 5.0.0-1 |
| questing | not-affected | 6.0.1-1 |

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
nvd
more than 1 year ago

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

CVSS3: 7.5
debian
more than 1 year ago

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Ac ...

CVSS3: 7.5
github
more than 1 year ago

Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

CVSS3: 6.5
fstec
more than 1 year ago

Vulnerability in the implementation of the CORS mechanism of the PyPi Python software package repository, allowing an attacker to disclose protected information

CVSS3: 6.5
redos
4 months ago

Multiple vulnerabilities in python3-flask-cors