Bugs fixes in "python-flask-cors"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2024-1681 | corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file b | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6221 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. T | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6221 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. T | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2024-1681 | corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file b | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6221 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. T | 2025-07-02 |
| CVE | CVE-2024-6839 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s | 2025-07-02 |
| CVE | CVE-2024-6844 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. | 2025-07-02 |
| CVE | CVE-2024-6866 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu | 2025-07-02 |
| CVE | CVE-2024-6221 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. T | 2025-07-02 |
About
-
Send Feedback to @ubuntu_updates
