Package "python3-flask-cors"
Links
Download "python3-flask-cors"
Other versions of "python3-flask-cors" in Oracular
Changelog
|
python-flask-cors (4.0.1-1ubuntu0.1) oracular-security; urgency=medium
* SECURITY UPDATE: Unauthorized Cross-Origin Access
- debian/patches/CVE-2024-6839-1.patch: Sort paths by regex
specificity
- debian/patches/CVE-2024-6839-2.patch: Sort paths longest to
shortest
- debian/patches/CVE-2024-6839-3.patch: Rename "helper_tests.py" to
"test_helpers.py".
- CVE-2024-6839
* SECURITY UPDATE: Private Resource Exposure
- debian/patches/CVE-2024-6221.patch: Add option to allow
"Access-Control-Allow-Private-Network" CORS header to be false
- CVE-2024-6221
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-6866.patch: Implements case sensitive
request path matching
- CVE-2024-6866
* SECURITY UPDATE: Undefined CORS Policy Application
- debian/patches/CVE-2024-6844.patch: Fix incorrect path normalization
- CVE-2024-6844
-- Bruce Cable <email address hidden> Mon, 30 Jun 2025 17:28:14 +1000
|
| CVE-2024-6839 |
corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s |
| CVE-2024-6221 |
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. T |
| CVE-2024-6866 |
corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu |
| CVE-2024-6844 |
A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. |
|
About
-
Send Feedback to @ubuntu_updates
