[Git][security-tracker-team/security-tracker][master] python-flask-cors fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 20 16:56:19 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d1b1cde by Moritz Muehlenhoff at 2025-05-20T17:55:58+02:00
python-flask-cors fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21037,8 +21037,7 @@ CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the Settings
CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate function ...)
NOT-FOR-US: parisneo/lollms
CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability where the ...)
- - python-flask-cors <unfixed> (bug #1100988)
- [trixie] - python-flask-cors <postponed> (Minor issue, revisit when fixed upstream)
+ - python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6
CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom Encryptio ...)
@@ -21048,8 +21047,7 @@ CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models
CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup funct ...)
NOT-FOR-US: aimhubio/aim
CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...)
- - python-flask-cors <unfixed> (bug #1100988)
- [trixie] - python-flask-cors <postponed> (Minor issue, revisit when fixed upstream)
+ - python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0
NOTE: https://github.com/corydolphin/flask-cors/issues/385
@@ -21058,8 +21056,7 @@ CVE-2024-6842 (In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-compl
CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest ...)
NOT-FOR-US: Vanna-ai
CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...)
- - python-flask-cors <unfixed> (bug #1100988)
- [trixie] - python-flask-cors <postponed> (Minor issue, revisit when fixed upstream)
+ - python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4
CVE-2024-6838 (In mlflow/mlflow version v2.13.2, a vulnerability exists that allows t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1b1cde792618a82d7afcc83e578750b362c1f5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1b1cde792618a82d7afcc83e578750b362c1f5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250520/37cecfaf/attachment.htm>
More information about the debian-security-tracker-commits
mailing list