Flask-cors Project

Flask-cors

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.08%
  • Published 20.03.2025 10:10:59
  • Last modified 01.08.2025 01:36:17

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in ...

Exploit
  • EPSS 0.06%
  • Published 20.03.2025 10:10:51
  • Last modified 01.08.2025 01:32:18

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a s...

Exploit
  • EPSS 0.12%
  • Published 20.03.2025 10:09:42
  • Last modified 01.08.2025 12:26:41

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to s...

  • EPSS 1.25%
  • Published 31.08.2020 04:15:12
  • Last modified 21.11.2024 05:16:42

An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.