VYPR

apk package

wolfi/py3.12-flask-cors

pkg:apk/wolfi/py3.12-flask-cors

Vulnerabilities (2)

  • CVE-2024-6221HigAug 18, 2024
    affected < 4.0.2-r0fixed 4.0.2-r0

    A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as da

  • CVE-2024-1681MedApr 19, 2024
    affected < 4.0.1-r0fixed 4.0.1-r0

    corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to co