Corydolphin

corydolphin

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Flask Cors

flask-cors

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-6221 1Corydolphin 1Flask Cors Apr 7, 2025 Aug 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized exter...Show more A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.Show less
CVE-2024-1681 1Corydolphin 1Flask Cors Nov 3, 2025 Apr 19, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in...Show more corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-6221

1Corydolphin

1Flask Cors

Apr 7, 2025

Aug 18, 2024

N/A· v4

7.5 HIGH· v3

N/A· v2

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.Show less

CVE-2024-1681

1Corydolphin

1Flask Cors

Nov 3, 2025

Apr 19, 2024

N/A· v4

5.3 MEDIUM· v3

N/A· v2

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.Show less