PT-2024-6447 · Pypi+4

Published: 2024-05-13 · Updated: 2026-04-03 · CVE-2024-6866

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PyPi (affected versions not specified)

Description

The issue is related to the try match function in PyPi, a Python package repository, which improperly handles case sensitivity. This can be exploited by a remote attacker to bypass CORS policy by changing the case of the URL path, potentially affecting the confidentiality of protected information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2024-07532
CVE-2024-6866
DLA-4197-1
GHSA-43QF-4RQW-9Q2G
MGASA-2025-0286
OESA-2025-1938
OESA-2025-1939
OESA-2025-1981
OPENSUSE-SU-2026:10485-1
USN-7612-1

Affected Products

Debian
Linuxmint
Pypi
Red Os
Ubuntu