/
DirectorySecurity AdvisoriesPricing
Sign In
Security Advisories

CVE-2024-6844

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-6844

Severity

Unknown

Description

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues.

References

  • https://images.chainguard.dev/security/CGA-prgw-64rx-hr6v

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs