ALT Linux Team

Package python3-module-flask-cors update in sisyphus_riscv64 on 2024-12-13

ALT-PU-2024-17068-1

Package python3-module-flask-cors updated to version 5.0.0-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2024-05-11

BDU:2024-07531

Уязвимость реализации механизма CORS хранилища программных продуктов языка Python PyPi, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2024-08-18
Modified: 2025-04-07

CVE-2024-6221

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top