Vulnerability Information
Vulnerability Title
Case-Insensitive Path Matching in corydolphin/flask-cors
Vulnerability Description
corydolphin/flask-cors version 4.01 contains a vulnerability where request path matching is case-insensitive because it uses the `try_match` function, which was originally intended for matching hosts. URL paths are case-sensitive, but the regex matching treats them as case-insensitive, so the two disagree. This mismatch can lead to significant security vulnerabilities: unauthorized origins can access paths meant to be restricted, resulting in data exposure and potential data leaks.
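The mismatch described above can be checked against a CORS resource map. The following is an added example, not code from flask-cors or from this advisory: the resource map, the function names and the longest-pattern-first ordering are assumptions made for illustration.

```python
import re

# Constructed CORS resource map: path pattern -> origins allowed to read responses.
# Intent: only the lowercase /public/ tree is open; everything else is restricted.
RESOURCES = {
    r"/public/.*": ["*"],
    r"/.*": ["https://app.example"],
}

def match_insensitive(path, pattern):
    """Simplified model of the flaw: host-style, case-insensitive matching."""
    return re.match(pattern, path, flags=re.IGNORECASE) is not None

def match_sensitive(path, pattern):
    """Path matching as URLs define it: case is significant."""
    return re.match(pattern, path) is not None

def origins_for(path, matcher, resources=RESOURCES):
    """Return the origins of the first matching pattern (assumed: longest first)."""
    for pattern in sorted(resources, key=len, reverse=True):
        if matcher(path, pattern):
            return resources[pattern]
    return []

def audit(paths, resources=RESOURCES):
    """List paths whose effective CORS policy depends on case handling."""
    findings = []
    for path in paths:
        loose = origins_for(path, match_insensitive, resources)
        strict = origins_for(path, match_sensitive, resources)
        if loose != strict:
            findings.append((path, strict, loose))
    return findings

if __name__ == "__main__":
    # Constructed route list; /Public/export is a distinct, restricted route.
    for path, strict, loose in audit(["/public/docs", "/Public/export", "/account"]):
        print(f"{path}: intended {strict}, case-insensitive match gives {loose}")
```

Running `audit` over an application's real route list shows which restricted paths would inherit a more permissive pattern's origins when matching ignores case.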
CVSS Information
N/A
Vulnerability Type
Improper Handling of Case Sensitivity
Vulnerability Title
Flask-CORS Security Vulnerability
Vulnerability Description
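Flask-CORS is a cross-origin resource sharing component for Flask, developed by individual developer Cory Dolphin. Flask-CORS version 4.01 contains a security vulnerability that stems from case-insensitive request path matching, which may lead to unauthorized cross-origin access.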
CVSS Information
N/A
Vulnerability Type
N/A