High severity7.5NVD Advisory· Published Aug 18, 2024· Updated Jun 17, 2026
CVE-2024-6221
CVE-2024-6221
Description
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Flask-CorsPyPI | < 4.0.2 | 4.0.2 |
Affected products
19=4.0.1+ 1 more
- (no CPE)range: =4.0.1
- (no CPE)range: unspecified
- osv-coords17 versionspkg:apk/chainguard/kubeflow-jupyter-web-apppkg:apk/chainguard/kubeflow-volumes-web-apppkg:apk/chainguard/py3.10-flask-corspkg:apk/chainguard/py3.11-flask-corspkg:apk/chainguard/py3.12-flask-corspkg:apk/chainguard/py3.13-flask-corspkg:apk/chainguard/py3-flask-corspkg:apk/chainguard/py3-supported-flask-corspkg:apk/wolfi/kubeflow-jupyter-web-apppkg:apk/wolfi/kubeflow-volumes-web-apppkg:apk/wolfi/py3.10-flask-corspkg:apk/wolfi/py3.11-flask-corspkg:apk/wolfi/py3.12-flask-corspkg:apk/wolfi/py3.13-flask-corspkg:apk/wolfi/py3-flask-corspkg:apk/wolfi/py3-supported-flask-corspkg:pypi/flask-cors
< 1.9.1-r0+ 16 more
- (no CPE)range: < 1.9.1-r0
- (no CPE)range: < 1.9.1-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 1.9.1-r0
- (no CPE)range: < 1.9.1-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2-r0
- (no CPE)range: < 4.0.2
Patches
Vulnerability mechanics
References
12- huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4dnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-hxwh-jpp2-84pmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-6221ghsaADVISORY
- github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bfnvdWEB
- github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ecghsaWEB
- github.com/corydolphin/flask-cors/commit/c8514760cf03fcce16d77f6db7007aad429c4548ghsaWEB
- github.com/corydolphin/flask-cors/issues/362ghsaWEB
- github.com/corydolphin/flask-cors/pull/363ghsaWEB
- github.com/corydolphin/flask-cors/pull/368ghsaWEB
- github.com/corydolphin/flask-cors/releasesghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-260.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-71.yamlghsaWEB
News mentions
0No linked articles in our index yet.