PT-2024-18217 · Pypi+4 · Flask-Cors+4

Published: 2024-04-19 · Updated: 2025-11-13 · CVE-2024-1681

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

corydolphin/flask-cors (affected versions not specified)

Description

The issue is due to improper output neutralization for logs, allowing log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
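
As an interim mitigation for the log injection described above, line-breaking characters can be neutralized at the logging handler before records are written. The following is an added example, not code from Flask-Cors or from this advisory; the logger name `demo.cors`, the debug message text and the sample path are constructed for illustration.

```python
import io
import logging

# Characters that can start a new line in a log file or terminal.
_ESCAPES = {ord("\r"): "\\r", ord("\n"): "\\n", 0x0b: "\\x0b", 0x0c: "\\x0c",
            0x85: "\\x85", 0x2028: "\\u2028", 0x2029: "\\u2029"}


def neutralize(value):
    """Escape line-breaking characters in strings; pass other types through."""
    return value.translate(_ESCAPES) if isinstance(value, str) else value


class CRLFNeutralizingFilter(logging.Filter):
    """Handler-level filter: renders the message, then escapes line breaks.

    Attached to a handler (not a logger) so it also covers child loggers.
    """

    def filter(self, record):
        record.msg = neutralize(record.getMessage())
        record.args = None  # message is already fully formatted
        return True


def render(path, hardened):
    """Log a request path at DEBUG and return what the handler wrote."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    if hardened:
        handler.addFilter(CRLFNeutralizingFilter())
    logger = logging.getLogger("demo.cors")  # hypothetical logger name
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        # Constructed debug line that embeds the request path.
        logger.debug("Request to '%s' matches CORS resource", path)
    finally:
        logger.removeHandler(handler)
    return stream.getvalue()


# Constructed sample: a URL-decoded path carrying a CRLF and a forged entry.
SAMPLE_PATH = "/api\r\nINFO:auth:login ok for admin"

if __name__ == "__main__":
    print(render(SAMPLE_PATH, hardened=False))  # two physical log lines
    print(render(SAMPLE_PATH, hardened=True))   # one line, CRLF shown escaped
```

Keeping the affected logger above debug level in production removes the exposure the description names; the filter is for environments where debug logging has to stay on.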

Exploit

DoS

Weakness Enumeration

Related Identifiers

BDU:2025-11598
CVE-2024-1681
DLA-4197-1
GHSA-84PR-M4JR-85G5
GHSA-PP84-V3MW-GG4W
MGASA-2025-0286
OESA-2024-1713
OPENSUSE-SU-2024:14293-1
PYSEC-2024-271
USN-7612-1

Affected Products

Debian
Linuxmint
Red Os
Ubuntu
Flask-Cors