Security Advisories

CVE-2024-6839

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-6839

Severity

Unknown

Description

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors.
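The priority mismatch described above can be checked for in a configuration with a small model. This is an added example, not flask-cors code and not part of the advisory: the patterns, origins, probe paths and function names are constructed, matching is simplified to a case-insensitive `re.match`, and the non-overlapping rewrite in `HARDENED` is one assumed way to make the result independent of pattern order.

```python
import re

# Constructed configuration: path pattern -> CORS options.
WEAK = {
    r"/api/admin/.*": {"origins": ["https://admin.example.com"]},
    r"/(api|static)/.*": {"origins": "*"},  # longer pattern, broader match
}

# Same policy, with the broad pattern rewritten so the two never overlap.
HARDENED = {
    r"/api/admin/.*": {"origins": ["https://admin.example.com"]},
    r"/(api(?!/admin/)|static)/.*": {"origins": "*"},
}

# Probe paths and the origins the operator expects to apply to each.
PROBES = {
    "/api/admin/users": ["https://admin.example.com"],
    "/static/app.js": "*",
}


def length_ordered(resources):
    """Order patterns longest-first, the priority rule the advisory describes."""
    return sorted(resources.items(), key=lambda kv: len(kv[0]), reverse=True)


def effective_policy(resources, path):
    """Return (pattern, options) for the first pattern that matches path."""
    for pattern, options in length_ordered(resources):
        if re.match(pattern, path, flags=re.IGNORECASE):
            return pattern, options
    return None, None


def shadowed(resources, probes):
    """List probe paths whose effective origins differ from the expected ones."""
    findings = []
    for path, expected in probes.items():
        pattern, options = effective_policy(resources, path)
        actual = options["origins"] if options else None
        if actual != expected:
            findings.append((path, expected, pattern, actual))
    return findings


if __name__ == "__main__":
    for name, config in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, shadowed(config, PROBES))
```

Running the probes in a unit test or CI job against the application's real resource map turns a shadowed pattern into a failing check instead of a silent policy downgrade.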

References

  • https://images.chainguard.dev/security/CGA-x5jq-g4gr-qxfg

Affected packages


© 2025 Chainguard. All Rights Reserved.