Corydolphin Flask-Cors vulnerabilities

CVE-2024-6221 [HIGH] CWE-284 CVE-2024-6221: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Net A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential ne

CVE-2024-1681 [MEDIUM] CWE-117 CVE-2024-1681: corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacke corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing