ALT-PU-2024-17068-1

Package update python3-module-flask-cors in branch sisyphus_riscv64

Version: 5.0.0-alt1
Task: #0
Published: 2024-12-13
Max severity: HIGH

Closed issues (2)

BDU:2024-07531
MEDIUM 6.5

A vulnerability in the CORS mechanism implementation of the PyPi Python software package repository that allows an attacker to disclose protected information

Published: 2024-09-27
Modified: 2026-03-10
CVSS 3.x: MEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0: HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
CVE-2024-6221
HIGH 7.5

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Published: 2024-08-18
Modified: 2025-04-07
CVSS 3.x: HIGH 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N