Count: 6
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2024-1681 corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs. | CVSS3: 5.3 | 0% Low | more than 1 year ago |
| CVE-2024-1681 corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs. | CVSS3: 5.3 | 0% Low | more than 1 year ago |
| CVE-2024-1681 corydolphin/flask-cors is vulnerable to log injection when the log lev ... | CVSS3: 5.3 | 0% Low | more than 1 year ago |
| GHSA-84pr-m4jr-85g5 flask-cors vulnerable to log injection when the log level is set to debug | CVSS3: 5.3 | 0% Low | more than 1 year ago |
| BDU:2025-11598 Vulnerability in the Flask framework related to improper output neutralization for logs, allowing an attacker to modify data in the system | CVSS3: 5.3 | 0% Low | more than 1 year ago |
| ROS-20250912-09 Multiple vulnerabilities in python3-flask-cors | CVSS3: 6.5 | | 4 months ago |