What is CVE-2024-6839?

CVE-2024-6839 is a medium-severity vulnerability in Corydolphin Corydolphin/flask-cors, classified under CWE-41. CVSS score: 4.3/10. Published 2025-03-20.

How severe is CVE-2024-6839?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2024-6839 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Corydolphin Corydolphin/flask-cors

CVE-2024-6839

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being a…

EPSS: 0.005 (65.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N.

Affected products

Corydolphin Corydolphin/flask-cors — versions unspecified

Weakness classification (CWE)

CWE-41

Public proof-of-concept exploits

w4zu/Debian_

References

huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4

Frequently asked questions

What is CVE-2024-6839?: CVE-2024-6839 is a medium-severity vulnerability in Corydolphin Corydolphin/flask-cors, classified under CWE-41. CVSS score: 4.3/10. Published 2025-03-20.
How severe is CVE-2024-6839?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2024-6839 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.