CVE-2024-6221

Exploit

EPSS 0.68%
Veröffentlicht 18.08.2024 19:15:04
Zuletzt bearbeitet 07.04.2025 15:15:42
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

Improper Access Control in corydolphin/flask-cors

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Corydolphin ≫ Flask-cors Version4.0.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.68%	0.474

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security@huntr.dev	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d

Third Party Advisory

Exploit

https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf

https://nvd.nist.gov/vuln/detail/CVE-2024-6221

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6221

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6221

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6221