Sign In

CVE-2024-6866

ADVISORY - github

Summary

corydolphin/flask-cors version 5.0.1 contains a vulnerability where the request path matching is case-insensitive due to the use of the try_match function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks.

EPSS Score: 0.00066 (0.201)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-178

Improper Handling of Case Sensitivity

ADVISORY - github

CWE-178

Improper Handling of Case Sensitivity

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-178

Improper Handling of Case Sensitivity

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2024-6866
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-178

CVSS SCORE

7.5high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-43qf-4rqw-9q2g
EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-178

CVSS SCORE

5.3medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2024-6866
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2024-6866
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2024-6866

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-178CWE-937

CVSS SCORE

5.3medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-3299-hg3m-2hr7

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-743g-2x82-4rpx

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-whf4-f4w4-r4wg

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY