Home > Vulnerability Database > CVE-2024-6221

Mend.io Vulnerability Database

CVE-2024-6221

Good to know:

Date: August 18, 2024

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

Language: Python

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6221

Url: https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d

Url: https://github.com/corydolphin/flask-cors

Url: https://www.mend.io/vulnerability-database/CVE-2024-6221

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6221

Good to know:

Date: August 18, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?