CVE-2024-1681

19.04.2024, 20:15

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
@huntr_ai	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Vendor	Product	Version
corydolphin	flask-cors	4.0.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-flask-cors

bullseye	vulnerable
bookworm	no-dsa
buster	postponed
bullseye (security)	3.0.9-2+deb11u1 fixed
forky	6.0.1-1 fixed
sid	6.0.1-1 fixed
trixie	6.0.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

python-flask-cors

plucky	not-affected
oracular	not-affected
noble	Fixed 4.0.0-1ubuntu0.1~esm1 released
mantic	ignored
jammy	Fixed 3.0.9-2ubuntu0.1 released
focal	Fixed 3.0.8-2ubuntu0.1+esm1 released

Known Exploits!

Common Weakness Enumeration

CWE-117 - Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.

References

https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644