DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2024-6844

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-6844

Severity

5.3

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-6844
  • https://github.com/advisories/GHSA-8vgw-p6qm-5gr7
  • https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html
  • https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal