Bugs fixes in "python-flask-cors"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2024-1681 | corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file b | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6221 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. T | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2024-1681 | corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file b | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6221 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. T | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2020-25032 | An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources bec | 2023-04-13 |
| Launchpad | 2012949 | CVE-2020-25032 affects python-flask-cors in focal | 2023-04-13 |
| CVE | CVE-2020-25032 | An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources bec | 2023-04-13 |
| Launchpad | 2012949 | CVE-2020-25032 affects python-flask-cors in focal | 2023-04-13 |
About
-
Send Feedback to @ubuntu_updates
