Home > Vulnerability Database > CVE-2024-6221

Mend.io Vulnerability Database

CVE-2024-6221

Good to know:

Date: August 18, 2024

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Language: Python

Severity Score

7.5

Related Resources (11)

Url: https://github.com/corydolphin/flask-cors/releases

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6221

Url: https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-71.yaml

Url: https://github.com/corydolphin/flask-cors/pull/363

Url: https://github.com/corydolphin/flask-cors/issues/362

Url: https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec

Url: https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d

Url: https://github.com/corydolphin/flask-cors/pull/368

Url: https://github.com/corydolphin/flask-cors

Url: https://github.com/corydolphin/flask-cors/commit/c8514760cf03fcce16d77f6db7007aad429c4548

Url: https://www.mend.io/vulnerability-database/CVE-2024-6221

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version flask-cors - 4.0.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6221

Good to know:

Date: August 18, 2024

Language: Python

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?