ALT-PU-2024-16980-3

Package update python3-module-flask-cors in branch sisyphus

Version: 5.0.0-alt1
Published: 2026-02-04
Max severity: HIGH

Closed issues (3)

BDU:2024-07531
MEDIUM 6.5

A vulnerability in the CORS mechanism implementation of the Python software package repository PyPi that allows an attacker to disclose protected information

Published: 2024-09-27
Modified: 2026-03-10
CVSS 3.x: MEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0: HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
CVE-2024-6221
HIGH 7.5

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Published: 2024-08-18
Modified: 2025-04-07
CVSS 3.x: HIGH 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N