Home > Vulnerability Database > CVE-2024-6839

Mend.io Vulnerability Database

CVE-2024-6839

Good to know:

Date: March 20, 2025

corydolphin/flask-cors contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors.

Severity Score

4.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6839

Url: https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4

Url: https://github.com/corydolphin/flask-cors/blob/4.0.1/flask_cors/core.py#L73

Url: https://github.com/corydolphin/flask-cors

Url: https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f

Url: https://www.mend.io/vulnerability-database/CVE-2024-6839

Severity Score

4.3

Weakness Type (CWE)

Improper Resolution of Path Equivalence

CWE-41

Top Fix

Upgrade Version

Upgrade to version flask-cors - 6.0.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6839

Good to know:

Date: March 20, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?