Package "python-flask-cors"
| Name: |
python-flask-cors
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Flask extension for handling CORS (Python 3)
|
| Latest version: |
5.0.0-1ubuntu0.1 |
| Release: |
plucky (25.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "python-flask-cors" in Plucky
Packages in group
Deleted packages are displayed in grey.
Changelog
|
No changelog for deleted or moved packages.
|
|
python-flask-cors (5.0.0-1ubuntu0.1) plucky-security; urgency=medium
* SECURITY UPDATE: Unauthorized Cross-Origin Access
- debian/patches/CVE-2024-6839-1.patch: Sort paths by regex
specificity
- debian/patches/CVE-2024-6839-2.patch: Sort paths longest to
shortest
- debian/patches/CVE-2024-6839-3.patch: Rename "helper_tests.py" to
"test_helpers.py".
- CVE-2024-6839
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-6866.patch: Implements case sensitive
request path matching
- CVE-2024-6866
* SECURITY UPDATE: Undefined CORS Policy Application
- debian/patches/CVE-2024-6844.patch: Fix incorrect path normalization
- CVE-2024-6844
-- Bruce Cable <email address hidden> Mon, 30 Jun 2025 17:28:14 +1000
|
| CVE-2024-6839 |
corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more s |
| CVE-2024-6866 |
corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` fu |
| CVE-2024-6844 |
A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. |
|
About
-
Send Feedback to @ubuntu_updates
