7.5

CVE-2024-6221

Exploit

EPSS 0.64%
Veröffentlicht 18.08.2024 19:15:04
Zuletzt bearbeitet 07.04.2025 15:15:42
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Corydolphin ≫ Flask-cors Version4.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.701

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security@huntr.dev	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d

Third Party Advisory

Exploit

https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf

https://nvd.nist.gov/vuln/detail/CVE-2024-6221

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6221

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6221

EUVD