Количество 6
Количество 6
CVE-2024-6844
A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues.
CVE-2024-6844
A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues.
CVE-2024-6844
A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...
GHSA-8vgw-p6qm-5gr7
Flask-CORS allows for inconsistent CORS matching
BDU:2024-07529
Уязвимость библиотеки Flask CORS хранилища программных продуктов языка Python PyPi, позволяющая нарушителю обойти существующие ограничения безопасности
ROS-20250912-09
Множественные уязвимости python3-flask-cors
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-6844 A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues. | CVSS3: 5.3 | 0% Низкий | 10 месяцев назад |
 | CVE-2024-6844 A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues. | CVSS3: 5.3 | 0% Низкий | 10 месяцев назад |
| CVE-2024-6844 A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ... | CVSS3: 5.3 | 0% Низкий | 10 месяцев назад |
| GHSA-8vgw-p6qm-5gr7 Flask-CORS allows for inconsistent CORS matching | CVSS3: 5.3 | 0% Низкий | 10 месяцев назад |
 | BDU:2024-07529 Уязвимость библиотеки Flask CORS хранилища программных продуктов языка Python PyPi, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | ROS-20250912-09 Множественные уязвимости python3-flask-cors | CVSS3: 6.5 | 4 месяца назад |
Уязвимостей на страницу