{"package":"flask_cors","ecosystem":"conda","latest_version":"4.0.0","description":"Cross Origin Resource Sharing ( CORS ) support for Flask","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/corydolphin/flask-cors","repository":"https://github.com/corydolphin/flask-cors","downloads_weekly":4051,"health":{"score":32,"risk":"critical","breakdown":{"maintenance":5,"popularity":6,"security":7,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":6,"critical":0,"high":2,"medium":4,"low":0,"details":[{"vuln_id":"CVE-2024-6866","severity":"medium","summary":"Flask-CORS vulnerable to Improper Handling of Case Sensitivity","affected_versions":"<6.0.0|=0.0.0.dev3|=0.0.0.dev4|=1.0|=1.1|=1.1.1|=1.1.2|=1.1.3|=1.10.0|=1.10.1|=1.10.2|=1.10.3|=1.2.0|=1.2.1|=1.3.0|=1.3.1|=1.4.0|=1.5.0|=1.6.0|=1.6.1|=1.7.0|=1.7.1|=1.7.2|=1.7.3|=1.7.4|=1.8.0|=1.8.1|=1.9.0|=2.0.0|=2.0.0rc1|=2.0.1|=2.1.0|=2.1.1|=2.1.2|=2.1.3|=3.0.0|=3.0.1|=3.0.10|=3.0.2|=3.0.3|=3.0.4|=3.0.6|=3.0.7|=3.0.8|=3.0.9|=4.0.0|=4.0.0a0|=4.0.1|=4.0.2|=5.0.0|=5.0.1","fixed_version":"6.0.0","source":"osv","published_at":"2025-03-20T12:32:45Z","in_kev":false,"epss_prob":0.00066,"epss_percentile":0.20105,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-6839","severity":"medium","summary":"Flask-CORS improper regex path matching vulnerability","affected_versions":"<6.0.0|=0.0.0.dev3|=0.0.0.dev4|=1.0|=1.1|=1.1.1|=1.1.2|=1.1.3|=1.10.0|=1.10.1|=1.10.2|=1.10.3|=1.2.0|=1.2.1|=1.3.0|=1.3.1|=1.4.0|=1.5.0|=1.6.0|=1.6.1|=1.7.0|=1.7.1|=1.7.2|=1.7.3|=1.7.4|=1.8.0|=1.8.1|=1.9.0|=2.0.0|=2.0.0rc1|=2.0.1|=2.1.0|=2.1.1|=2.1.2|=2.1.3|=3.0.0|=3.0.1|=3.0.10|=3.0.2|=3.0.3|=3.0.4|=3.0.6|=3.0.7|=3.0.8|=3.0.9|=4.0.0|=4.0.0a0|=4.0.1|=4.0.2|=5.0.0|=5.0.1","fixed_version":"6.0.0","source":"osv","published_at":"2025-03-20T12:32:45Z","in_kev":false,"epss_prob":0.00474,"epss_percentile":0.64818,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-1681","severity":"medium","summary":"flask-cors vulnerable to log injection when the log level is set to debug","affected_versions":"<4.0.1|=0.0.0.dev3|=0.0.0.dev4|=1.0|=1.1|=1.1.1|=1.1.2|=1.1.3|=1.10.0|=1.10.1|=1.10.2|=1.10.3|=1.2.0|=1.2.1|=1.3.0|=1.3.1|=1.4.0|=1.5.0|=1.6.0|=1.6.1|=1.7.0|=1.7.1|=1.7.2|=1.7.3|=1.7.4|=1.8.0|=1.8.1|=1.9.0|=2.0.0|=2.0.0rc1|=2.0.1|=2.1.0|=2.1.1|=2.1.2|=2.1.3|=3.0.0|=3.0.1|=3.0.10|=3.0.2|=3.0.3|=3.0.4|=3.0.6|=3.0.7|=3.0.8|=3.0.9|=4.0.0|=4.0.0a0","fixed_version":"4.0.1","source":"osv","published_at":"2024-04-19T21:31:08Z","in_kev":false,"epss_prob":0.00179,"epss_percentile":0.3917,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-6844","severity":"medium","summary":"Flask-CORS allows for inconsistent CORS matching","affected_versions":"<6.0.0|=0.0.0.dev3|=0.0.0.dev4|=1.0|=1.1|=1.1.1|=1.1.2|=1.1.3|=1.10.0|=1.10.1|=1.10.2|=1.10.3|=1.2.0|=1.2.1|=1.3.0|=1.3.1|=1.4.0|=1.5.0|=1.6.0|=1.6.1|=1.7.0|=1.7.1|=1.7.2|=1.7.3|=1.7.4|=1.8.0|=1.8.1|=1.9.0|=2.0.0|=2.0.0rc1|=2.0.1|=2.1.0|=2.1.1|=2.1.2|=2.1.3|=3.0.0|=3.0.1|=3.0.10|=3.0.2|=3.0.3|=3.0.4|=3.0.6|=3.0.7|=3.0.8|=3.0.9|=4.0.0|=4.0.0a0|=4.0.1|=4.0.2|=5.0.0|=5.0.1","fixed_version":"6.0.0","source":"osv","published_at":"2025-03-20T12:32:45Z","in_kev":false,"epss_prob":0.0011,"epss_percentile":0.29043,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-6221","severity":"high","summary":"Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default","affected_versions":"<4.0.2|=0.0.0.dev3|=0.0.0.dev4|=1.0|=1.1|=1.1.1|=1.1.2|=1.1.3|=1.10.0|=1.10.1|=1.10.2|=1.10.3|=1.2.0|=1.2.1|=1.3.0|=1.3.1|=1.4.0|=1.5.0|=1.6.0|=1.6.1|=1.7.0|=1.7.1|=1.7.2|=1.7.3|=1.7.4|=1.8.0|=1.8.1|=1.9.0|=2.0.0|=2.0.0rc1|=2.0.1|=2.1.0|=2.1.1|=2.1.2|=2.1.3|=3.0.0|=3.0.1|=3.0.10|=3.0.2|=3.0.3|=3.0.4|=3.0.6|=3.0.7|=3.0.8|=3.0.9|=4.0.0|=4.0.0a0|=4.0.1","fixed_version":"4.0.2","source":"osv","published_at":"2024-08-18T21:31:07Z","in_kev":false,"epss_prob":0.00637,"epss_percentile":0.70573,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-6221","severity":"high","summary":"A vulnerability in corydolphin/flask-cors up to version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.","affected_versions":"<4.0.2|=1.0|=1.1|=1.1.1|=1.1.2|=1.1.3|=1.10.0|=1.10.1|=1.10.2|=1.10.3|=1.2.0|=1.2.1|=1.3.0|=1.3.1|=1.4.0|=1.5.0|=1.6.0|=1.6.1|=1.7.0|=1.7.1|=1.7.2|=1.7.3|=1.7.4|=1.8.0|=1.8.1|=1.9.0|=2.0.0|=2.0.0rc1|=2.0.1|=2.1.0|=2.1.1|=2.1.2|=2.1.3|=3.0.0|=3.0.1|=3.0.10|=3.0.2|=3.0.3|=3.0.4|=3.0.6|=3.0.7|=3.0.8|=3.0.9|=4.0.0|=4.0.0a0|=4.0.1|=0.0.0.dev3|=0.0.0.dev4","fixed_version":"4.0.2","source":"osv","published_at":"2024-08-18T19:15:00Z","in_kev":false,"epss_prob":0.00637,"epss_percentile":0.70573,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"4.0.0","total_count":4,"recent":["3.0.8","3.0.9","3.0.10","4.0.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-08-31 03:02:26.432000+00:00","last_published":"2025-04-22 14:57:19.339000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (32/100)","2 high severity vulnerabilities"],"use_version":"4.0.0","version_hint":"Update to >= 4.0.2 to fix known vulnerabilities","summary":"flask_cors@4.0.0 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":402,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":4,"primary_author_ratio":0.5,"owner_account_age_days":5671,"is_archived":false,"stars":933,"alerts":["single_active_maintainer_3m"]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":3.3,"tier":"weak"},"quality":{"available":false},"version_history_summary":{"total_versions":4,"first_release_age_days":2069,"last_release_days_ago":373,"avg_days_between_releases":690,"release_velocity":"stale"},"popularity_warning":{"this_ecosystem_downloads":4051,"more_popular_in":{"ecosystem":"pypi","downloads_weekly":12397123},"hint":"This is the conda package 'flask_cors' (4,051 dl/week). A much more popular package with the same name exists in pypi (12,397,123 dl/week). Confirm you queried the right ecosystem."}}