apk package
wolfi/py3-flask-cors
pkg:apk/wolfi/py3-flask-cors
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-6221 | Hig | 7.5 | < 4.0.2-r0 | 4.0.2-r0 | Aug 18, 2024 | A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as da | |
| CVE-2024-1681 | Med | 5.3 | < 4.0.1-r0 | 4.0.1-r0 | Apr 19, 2024 | corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to co |
- affected < 4.0.2-r0fixed 4.0.2-r0
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as da
- affected < 4.0.1-r0fixed 4.0.1-r0
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to co