Updated python-flask-cors packages fix security vulnerabilities
Publication date: 13 Nov 2025Modification date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-1681 , CVE-2024-6221 , CVE-2024-6839 , CVE-2024-6844 , CVE-2024-6866
Description
Log Injection Vulnerability in corydolphin/flask-cors. (CVE-2024-1681)
Improper Access Control in corydolphin/flask-cors. (CVE-2024-6221)
Improper Regex Path Matching in corydolphin/flask-cors. (CVE-2024-6839)
Inconsistent CORS Matching Due to Handling of '+' in URL Path in
corydolphin/flask-cors. (CVE-2024-6844)
Case-Insensitive Path Matching in corydolphin/flask-cors.
(CVE-2024-6866)
References
- https://bugs.mageia.org/show_bug.cgi?id=34424
- https://ubuntu.com/security/notices/USN-7612-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1681
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6221
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6839
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6844
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6866
SRPMS
9/core
- python-flask-cors-3.0.10-1.1.mga9