Corydolphin Flask-CORS Case-Insensitive Path Matching Vulnerability Allowing Unauthorized Access

Vulnerability

Corydolphin Flask-CORS version 4.01 matches request paths case-insensitively. The cause is the 'try_match' function, which was designed for host matching but is also applied to paths. URLs are case-sensitive, so a request path that differs only in letter case from a configured path is treated as the same resource. This flaw can allow unauthorized origins to access restricted paths, potentially causing data exposure and leaks.
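
A simplified model of the flaw described above, added here as an illustration and not Flask-CORS's own code. The function names, the regex heuristic, the resource map and the sample paths are all hypothetical or constructed. It compares a case-insensitive matcher (appropriate for hostnames) with a case-sensitive one and lists the paths whose CORS policy changes between them.

```python
import re

# Constructed per-path CORS policy, shaped like a Flask-CORS "resources" map.
RESOURCES = {
    r"/api/public/.*": {"origins": ["*"]},
    r"/api/reports": {"origins": ["https://intranet.example"]},
}

def looks_like_regex(pattern):
    """Heuristic (assumption): patterns with regex metacharacters are regexes."""
    return any(c in pattern for c in "*\\]?$^[+|(")

def match_host_style(value, pattern):
    """Case-insensitive comparison: correct for hostnames, wrong for paths."""
    if looks_like_regex(pattern):
        return re.match(pattern, value, flags=re.IGNORECASE) is not None
    return value.lower() == pattern.lower()

def match_path(value, pattern):
    """Case-sensitive comparison, which is what URL paths require."""
    if looks_like_regex(pattern):
        return re.match(pattern, value) is not None
    return value == pattern

def policy_for(path, matcher):
    """Return the CORS options of the most specific matching resource."""
    for pattern in sorted(RESOURCES, key=len, reverse=True):
        if matcher(path, pattern):
            return RESOURCES[pattern]
    return None  # no match: no CORS headers would be sent for this path

def audit(paths):
    """List paths whose CORS policy differs between the two matchers."""
    return [p for p in paths
            if policy_for(p, match_host_style) != policy_for(p, match_path)]

# Constructed request paths; a case-sensitive router treats each as distinct.
SAMPLE_PATHS = ["/api/public/status", "/API/Public/export",
                "/api/Reports", "/api/reports"]

if __name__ == "__main__":
    for p in audit(SAMPLE_PATHS):
        print(p, "->", policy_for(p, match_host_style),
              "vs", policy_for(p, match_path))
```

Running the same audit over an application's real route list and resource map shows which routes would inherit a CORS policy written for a differently cased path.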

Impact

Exploitation of this vulnerability could result in unauthorized access to restricted paths, allowing for data exposure and potential data leaks.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 8.9
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.