VYPR
High severity7.5NVD Advisory· Published Aug 18, 2024· Updated Jun 17, 2026

CVE-2024-6221

CVE-2024-6221

Description

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Flask-CorsPyPI
< 4.0.24.0.2

Affected products

19

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.