[Git][security-tracker-team/security-tracker][master] Update CVE-2024-6221
Daniel Leidert (@dleidert)
dleidert at debian.org
Sat May 31 02:39:27 BST 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70a29631 by Daniel Leidert at 2025-05-31T03:38:42+02:00
Update CVE-2024-6221
The vulnerability doesn't affect versions before 3.1.01. Also, there was a
follow-up change that is already included in version 5.0.0. Add the patch link
for documentation purposes only.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -85445,12 +85445,13 @@ CVE-2024-7904 (A vulnerability was found in DedeBIZ 6.3.0. It has been rated as
NOT-FOR-US: DedeBIZ
CVE-2024-6221 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Ac ...)
- python-flask-cors 5.0.0-1 (bug #1081300)
- [bookworm] - python-flask-cors <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - python-flask-cors <postponed> (Minor issue)
+ [bookworm] - python-flask-cors <not-affected> (Vulnerable code introduced in 3.1.01)
+ [bullseye] - python-flask-cors <not-affected> (Vulnerable code introduced in 3.1.01)
NOTE: https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d
NOTE: https://github.com/corydolphin/flask-cors/issues/337
NOTE: https://github.com/advisories/GHSA-hxwh-jpp2-84pm
NOTE: https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec (4.0.2)
+ NOTE: https://github.com/corydolphin/flask-cors/commit/c8514760cf03fcce16d77f6db7007aad429c4548 (5.0.0, follow-up)
CVE-2024-43353 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-43352 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70a29631d6b50f87c2c91f249cb5842d58ad8d67
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70a29631d6b50f87c2c91f249cb5842d58ad8d67
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250531/b7f09a32/attachment.htm>
More information about the debian-security-tracker-commits
mailing list