vulnerability
Ubuntu: USN-7612-1 (CVE-2024-6221): Flask-CORS vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Aug 18, 2024 | Jun 26, 2025 | Apr 16, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Aug 18, 2024
Added
Jun 26, 2025
Modified
Apr 16, 2026
Description
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.
Solutions
ubuntu-pro-upgrade-python3-flask-corsubuntu-upgrade-python3-flask-cors
References
- CVE-2024-6221
- https://attackerkb.com/topics/CVE-2024-6221
- CWE-284
- EUVD-EUVD-2024-0061
- UBUNTU-USN-7612-1
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-0061
- https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d
- https://ubuntu.com/security/notices/USN-7612-1
- https://www.cve.org/CVERecord?id=CVE-2024-6221
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.