{"url":"http://public2.vulnerablecode.io/api/packages/60605?format=json","purl":"pkg:pypi/flask-cors@3.0.7","type":"pypi","namespace":"","name":"flask-cors","version":"3.0.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.0","latest_non_vulnerable_version":"6.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18128?format=json","vulnerability_id":"VCID-11yu-hz5b-myh1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1681","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39346","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3953","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39542","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39517","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1681"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/corydolphin/flask-cors","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors"},{"reference_url":"https://github.com/corydolphin/flask-cors/blob/40acc8092332dfed4bb54d7a4f89a6d479466de7/flask_cors/extension.py#L194","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/blob/40acc8092332dfed4bb54d7a4f89a6d479466de7/flask_cors/extension.py#L194"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-271.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-271.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069764","reference_id":"1069764","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069764"},{"reference_url":"https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644","reference_id":"25a7a0ba-9fa2-4777-acb6-03e5539bb644","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:21:15Z/"}],"url":"https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1681","reference_id":"CVE-2024-1681","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1681"},{"reference_url":"https://github.com/advisories/GHSA-84pr-m4jr-85g5","reference_id":"GHSA-84pr-m4jr-85g5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-84pr-m4jr-85g5"},{"reference_url":"https://usn.ubuntu.com/7612-1/","reference_id":"USN-7612-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7612-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30692?format=json","purl":"pkg:pypi/flask-cors@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6ccf-3cx2-93c3"},{"vulnerability":"VCID-pprn-p161-nqac"},{"vulnerability":"VCID-q1tv-w24e-27fg"},{"vulnerability":"VCID-q3hx-45gg-qubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask-cors@4.0.1"}],"aliases":["CVE-2024-1681","GHSA-84pr-m4jr-85g5","PYSEC-2024-271"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11yu-hz5b-myh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50100?format=json","vulnerability_id":"VCID-6ccf-3cx2-93c3","summary":"A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6221","reference_id":"","reference_type":"","scores":[{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.71065","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.71076","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.71078","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00637","scoring_system":"epss","scoring_elements":"0.70975","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6221"},{"reference_url":"https://github.com/corydolphin/flask-cors","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors"},{"reference_url":"https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec"},{"reference_url":"https://github.com/corydolphin/flask-cors/commit/c8514760cf03fcce16d77f6db7007aad429c4548","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/commit/c8514760cf03fcce16d77f6db7007aad429c4548"},{"reference_url":"https://github.com/corydolphin/flask-cors/issues/362","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/issues/362"},{"reference_url":"https://github.com/corydolphin/flask-cors/pull/363","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/pull/363"},{"reference_url":"https://github.com/corydolphin/flask-cors/pull/368","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/pull/368"},{"reference_url":"https://github.com/corydolphin/flask-cors/releases","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/releases"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-260.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-260.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-71.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2024-71.yaml"},{"reference_url":"https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf","reference_id":"03aa3f8e2256437f7bad96422a747b98ab5e31bf","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T13:46:09Z/"}],"url":"https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081300","reference_id":"1081300","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081300"},{"reference_url":"https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d","reference_id":"a42935fc-6f57-4818-bca4-3d528235df4d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T13:46:09Z/"}],"url":"https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6221","reference_id":"CVE-2024-6221","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6221"},{"reference_url":"https://github.com/advisories/GHSA-hxwh-jpp2-84pm","reference_id":"GHSA-hxwh-jpp2-84pm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxwh-jpp2-84pm"},{"reference_url":"https://usn.ubuntu.com/7612-1/","reference_id":"USN-7612-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7612-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33024?format=json","purl":"pkg:pypi/flask-cors@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pprn-p161-nqac"},{"vulnerability":"VCID-q1tv-w24e-27fg"},{"vulnerability":"VCID-q3hx-45gg-qubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask-cors@4.0.2"}],"aliases":["CVE-2024-6221","GHSA-hxwh-jpp2-84pm","PYSEC-2024-260","PYSEC-2024-71"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ccf-3cx2-93c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8178?format=json","vulnerability_id":"VCID-mapv-y6mg-j7c5","summary":"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00032.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00048.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25032.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25032.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25032","reference_id":"","reference_type":"","scores":[{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80748","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80758","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80749","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80687","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25032"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xc3p-ff3m-f46v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc3p-ff3m-f46v"},{"reference_url":"https://github.com/corydolphin/flask-cors","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors"},{"reference_url":"https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895"},{"reference_url":"https://github.com/corydolphin/flask-cors/releases/tag/3.0.9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/releases/tag/3.0.9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2020-43.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/flask-cors/PYSEC-2020-43.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25032","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25032"},{"reference_url":"https://www.debian.org/security/2020/dsa-4775","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1876698","reference_id":"1876698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1876698"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969362","reference_id":"969362","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969362"},{"reference_url":"https://usn.ubuntu.com/6019-1/","reference_id":"USN-6019-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6019-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60607?format=json","purl":"pkg:pypi/flask-cors@3.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11yu-hz5b-myh1"},{"vulnerability":"VCID-6ccf-3cx2-93c3"},{"vulnerability":"VCID-pprn-p161-nqac"},{"vulnerability":"VCID-q1tv-w24e-27fg"},{"vulnerability":"VCID-q3hx-45gg-qubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask-cors@3.0.9"}],"aliases":["CVE-2020-25032","GHSA-xc3p-ff3m-f46v","PYSEC-2020-43"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mapv-y6mg-j7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50330?format=json","vulnerability_id":"VCID-pprn-p161-nqac","summary":"corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6839","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65317","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65326","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65216","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65328","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6839"},{"reference_url":"https://github.com/corydolphin/flask-cors","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors"},{"reference_url":"https://github.com/corydolphin/flask-cors/blob/4.0.1/flask_cors/core.py#L73","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/blob/4.0.1/flask_cors/core.py#L73"},{"reference_url":"https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6839","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6839"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100988","reference_id":"1100988","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100988"},{"reference_url":"https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4","reference_id":"403eb1fc-86f4-4820-8eba-0f3dfae9f2b4","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:23Z/"}],"url":"https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4"},{"reference_url":"https://github.com/advisories/GHSA-7rxf-gvfg-47g4","reference_id":"GHSA-7rxf-gvfg-47g4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7rxf-gvfg-47g4"},{"reference_url":"https://usn.ubuntu.com/7612-1/","reference_id":"USN-7612-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7612-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377892?format=json","purl":"pkg:pypi/flask-cors@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask-cors@6.0.0"}],"aliases":["CVE-2024-6839","GHSA-7rxf-gvfg-47g4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pprn-p161-nqac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50120?format=json","vulnerability_id":"VCID-q1tv-w24e-27fg","summary":"corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6866","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20696","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20518","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20718","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6866"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6866","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6866"},{"reference_url":"https://github.com/corydolphin/flask-cors","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors"},{"reference_url":"https://github.com/corydolphin/flask-cors/blob/4.0.1/flask_cors/extension.py#L195","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/blob/4.0.1/flask_cors/extension.py#L195"},{"reference_url":"https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6866","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6866"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100988","reference_id":"1100988","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100988"},{"reference_url":"https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6","reference_id":"808c11af-faee-43a8-824b-b5ab4f62b9e6","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:47:43Z/"}],"url":"https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6"},{"reference_url":"https://github.com/advisories/GHSA-43qf-4rqw-9q2g","reference_id":"GHSA-43qf-4rqw-9q2g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43qf-4rqw-9q2g"},{"reference_url":"https://usn.ubuntu.com/7612-1/","reference_id":"USN-7612-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7612-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377892?format=json","purl":"pkg:pypi/flask-cors@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask-cors@6.0.0"}],"aliases":["CVE-2024-6866","GHSA-43qf-4rqw-9q2g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1tv-w24e-27fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50584?format=json","vulnerability_id":"VCID-q3hx-45gg-qubd","summary":"A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path normalization, causing potential mismatches in CORS configuration. As a result, endpoints may not be matched correctly to their CORS settings, leading to unexpected CORS policy application. This can cause unauthorized cross-origin access or block valid requests, creating security vulnerabilities and usability issues.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6844","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29231","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29239","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29028","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2925","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6844"},{"reference_url":"https://github.com/corydolphin/flask-cors","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors"},{"reference_url":"https://github.com/corydolphin/flask-cors/blob/main/flask_cors/extension.py#L193","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/blob/main/flask_cors/extension.py#L193"},{"reference_url":"https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00049.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6844","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6844"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100988","reference_id":"1100988","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100988"},{"reference_url":"https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0","reference_id":"731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T14:26:13Z/"}],"url":"https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0"},{"reference_url":"https://github.com/advisories/GHSA-8vgw-p6qm-5gr7","reference_id":"GHSA-8vgw-p6qm-5gr7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8vgw-p6qm-5gr7"},{"reference_url":"https://usn.ubuntu.com/7612-1/","reference_id":"USN-7612-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7612-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377892?format=json","purl":"pkg:pypi/flask-cors@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask-cors@6.0.0"}],"aliases":["CVE-2024-6844","GHSA-8vgw-p6qm-5gr7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3hx-45gg-qubd"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/flask-cors@3.0.7"}