PYSEC-2024-260
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/flask-cors/PYSEC-2024-260.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2024-260
- Aliases
- Published
- 2024-08-18T19:15:04.730Z
- Modified
- 2026-05-21T15:00:08.205451018Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the
Access-Control-Allow-Private-NetworkCORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. - References
Affected packages
PyPI / flask-cors
Package
- Name
- flask-cors
- View open source insights on deps.dev
- Purl
- pkg:pypi/flask-cors
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.0.1
Affected versions
0.*
0.0.0.dev3
0.0.0.dev4
1.*
1.0
1.1
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1
1.3.0
1.3.1
1.4.0
1.5.0
1.6.0
1.6.1
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.8.0
1.8.1
1.9.0
1.10.0
1.10.1
1.10.2
1.10.3
2.*
2.0.0rc1
2.0.0
2.0.1
2.1.0
2.1.1
2.1.2
2.1.3
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
4.*
4.0.0a0
4.0.0
4.0.1