How severe is CVE-2024-6866?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-6866?

This is classified as CWE-178, which is a common weakness in software security.

CVE-2024-6866

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-178

View all →

Vulnerability Description

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching treats them as case-insensitive. This misconfiguration can lead to significant security vulnerabilities, allowing unauthorized origins to access paths meant to be restricted, resulting in data exposure and potential data leaks.

CVE-2018-8337

MEDIUM

CVSS:5.3(Medium)

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affec...

CWE-1782018

CVE-2022-22968

MEDIUM

CVSS:5.3(Medium)

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively...

CWE-1782022

CVE-2024-38820

MEDIUM

CVSS:5.3(Medium)

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not...

CWE-1782024

CVE-2017-8493

MEDIUM

CVSS:5.5(Medium)

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require...

CWE-1782017

CVE-2021-0973

MEDIUM

CVSS:5.0(Medium)

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no add...

CWE-1782021

CVE-2025-27636

MEDIUM

CVSS:5.6(Medium)

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through ...

CWE-1782025

CVE-2024-6866

Vulnerability Description

Related Vulnerabilities

CVE-2018-8337

CVE-2022-22968

CVE-2024-38820

CVE-2017-8493

CVE-2021-0973

CVE-2025-27636