An update for python-Flask-Cors is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2198 Final 1.0 1.0 2024-09-27 Initial 2024-09-27 2024-09-27 openEuler SA Tool V1.0 2024-09-27 python-Flask-Cors security update An update for python-Flask-Cors is now available for openEuler-24.03-LTS A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Security Fix(es): A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.(CVE-2024-6221) An update for python-Flask-Cors is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High python-Flask-Cors https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2198 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6221 https://nvd.nist.gov/vuln/detail/CVE-2024-6221 openEuler-24.03-LTS python-Flask-Cors-5.0.0-1.oe2403.src.rpm python-Flask-Cors-help-5.0.0-1.oe2403.noarch.rpm python3-Flask-Cors-5.0.0-1.oe2403.noarch.rpm A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. 2024-09-27 CVE-2024-6221 openEuler-24.03-LTS High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N python-Flask-Cors security update 2024-09-27 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2198