[Git][security-tracker-team/security-tracker][master] new flask-cors issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 21 07:43:35 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18844465 by Moritz Muehlenhoff at 2025-03-21T08:43:15+01:00
new flask-cors issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -402,7 +402,8 @@ CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the Settings
 CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate function ...)
 	NOT-FOR-US: parisneo/lollms
 CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability where the ...)
-	TODO: check
+	- python-flask-cors <unfixed>
+	NOTE: https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6
 CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom Encryptio ...)
 	NOT-FOR-US: h2oai/h2o-3
 CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does  ...)
@@ -410,13 +411,15 @@ CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models
 CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup funct ...)
 	NOT-FOR-US: aimhubio/aim
 CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...)
-	TODO: check
+	- python-flask-cors <unfixed>
+	NOTE: https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0
 CVE-2024-6842 (In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete`  ...)
 	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest ...)
 	NOT-FOR-US: Vanna-ai
 CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...)
-	TODO: check
+	- python-flask-cors <unfixed>
+	NOTE: https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4
 CVE-2024-6838 (In mlflow/mlflow version v2.13.2, a vulnerability exists that allows t ...)
 	NOT-FOR-US: mlflow
 CVE-2024-6829 (A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/188444658d907b4c84a68568462be3884bd3b945

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/188444658d907b4c84a68568462be3884bd3b945
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250321/8a01375d/attachment.htm>

More information about the debian-security-tracker-commits mailing list