Flask-cors Project Flask-cors — known CVE vulnerabilities
Every CVE whose affected-product data names Flask-cors Project Flask-cors, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-25032 — CVSS 7.5 (high): An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private…
CVE-2024-6866 — CVSS 7.5 (high): corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the…
CVE-2024-6839 — CVSS 5.3 (medium): corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns…
CVE-2024-6844 — CVSS 5.3 (medium): A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in…