UbuntuUpdates.org

Bug fixes in "python-flask-cors"

| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2024-1681 | corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file b | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6221 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. T | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2020-25032 | An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources bec | 2023-04-13 |
| Launchpad | 2012949 | CVE-2020-25032 affects python-flask-cors in focal | 2023-04-13 |


