| CVE-2024-6221 | high | — | 8.0 | | | | 2y ago | A vulnerability in corydolphin/flask-cors up to version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavi… |
| CVE-2024-6839 | unknown | — | — | | | | 1y ago | Flask-CORS improper regex path matching vulnerability |
| CVE-2024-6844 | unknown | — | — | | | | 1y ago | Flask-CORS allows for inconsistent CORS matching |
| CVE-2024-6866 | unknown | — | — | | | | 1y ago | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching … |
| CVE-2024-1681 | unknown | — | — | | | | 2y ago | corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containi… |
| CVE-2020-25032 | unknown | — | — | | | | 5y ago | An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathna… |