CVE-2024-6866

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:flask-cors_project:flask-cors:4.0.1:*:*:*:*:*:*:*

History

03 Nov 2025, 20:17

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html -

Information

Published : 2025-03-20 10:15

Updated : 2025-11-03 20:17

NVD link : CVE-2024-6866

Mitre link : CVE-2024-6866

CVE.ORG link : CVE-2024-6866

JSON object : View

Products Affected

flask-cors_project

flask-cors

CWE

CWE-178

Improper Handling of Case Sensitivity

{"id": "CVE-2024-6866", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:34.620", "references": [{"url": "https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-178"}]}], "descriptions": [{"lang": "en", "value": "corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks."}, {"lang": "es", "value": "La versi\u00f3n 4.01 de corydolphin/flask-cors contiene una vulnerabilidad donde la coincidencia de rutas de solicitud no distingue entre may\u00fasculas y min\u00fasculas debido al uso de la funci\u00f3n `try_match`, originalmente dise\u00f1ada para la coincidencia de hosts. Esto genera una discrepancia, ya que las rutas en las URL distinguen entre may\u00fasculas y min\u00fasculas, pero la coincidencia de expresiones regulares las trata como si no las tuvieran. Esta configuraci\u00f3n incorrecta puede generar vulnerabilidades de seguridad importantes, permitiendo que or\u00edgenes no autorizados accedan a rutas que deber\u00edan estar restringidas, lo que resulta en la exposici\u00f3n y posibles fugas de datos."}], "lastModified": "2025-11-03T20:17:04.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flask-cors_project:flask-cors:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B39A789-3A63-4B10-A09D-2E08E7F36F1B"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}