Vulnerabilites related to palletsprojects - werkzeug
cve-2019-14322
Vulnerability from cvelistv5
Published
2019-07-28 12:36
Modified
2024-08-05 00:12
Severity ?
EPSS score ?
Summary
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
References
| ▼ | URL | Tags |
|---|---|---|
| https://palletsprojects.com/blog/werkzeug-0-15-5-released/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:12:43.390Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://palletsprojects.com/blog/werkzeug-0-15-5-released/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-06T17:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://palletsprojects.com/blog/werkzeug-0-15-5-released/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-14322", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://palletsprojects.com/blog/werkzeug-0-15-5-released/", refsource: "MISC", url: "https://palletsprojects.com/blog/werkzeug-0-15-5-released/", }, { name: "http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14322", datePublished: "2019-07-28T12:36:59", dateReserved: "2019-07-28T00:00:00", dateUpdated: "2024-08-05T00:12:43.390Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49767
Vulnerability from cvelistv5
Published
2024-10-25 19:41
Modified
2025-01-03 12:04
Severity ?
EPSS score ?
Summary
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2 | x_refsource_CONFIRM | |
| https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee | x_refsource_MISC | |
| https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f | x_refsource_MISC | |
| https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b | x_refsource_MISC | |
| https://github.com/pallets/werkzeug/releases/tag/3.0.6 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "werkzeug", vendor: "palletsprojects", versions: [ { lessThan: "3.0.6", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-49767", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T20:06:53.070201Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T20:07:56.560Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-03T12:04:27.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250103-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "werkzeug", vendor: "pallets", versions: [ { status: "affected", version: "< 3.0.6", }, ], }, ], descriptions: [ { lang: "en", value: "Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-27T21:01:51.234Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2", }, { name: "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee", }, { name: "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f", }, { name: "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b", }, { name: "https://github.com/pallets/werkzeug/releases/tag/3.0.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/releases/tag/3.0.6", }, ], source: { advisory: "GHSA-q34m-jh98-gwm2", discovery: "UNKNOWN", }, title: "Werkzeug possible resource exhaustion when parsing file data in forms", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-49767", datePublished: "2024-10-25T19:41:35.029Z", dateReserved: "2024-10-18T13:43:23.457Z", dateUpdated: "2025-01-03T12:04:27.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29361
Vulnerability from cvelistv5
Published
2022-05-24 23:56
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 | x_refsource_MISC | |
| https://github.com/pallets/werkzeug/issues/2420 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:17:54.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/issues/2420", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-29T15:57:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/issues/2420", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-29361", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85", refsource: "MISC", url: "https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85", }, { name: "https://github.com/pallets/werkzeug/issues/2420", refsource: "MISC", url: "https://github.com/pallets/werkzeug/issues/2420", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-29361", datePublished: "2022-05-24T23:56:15", dateReserved: "2022-04-16T00:00:00", dateUpdated: "2024-08-03T06:17:54.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46136
Vulnerability from cvelistv5
Published
2023-10-24 23:48
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:39.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw", }, { name: "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231124-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "werkzeug", vendor: "pallets", versions: [ { status: "affected", version: "< 3.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-407", description: "CWE-407: Inefficient Algorithmic Complexity", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-24T09:06:33.674Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw", }, { name: "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2", }, { url: "https://security.netapp.com/advisory/ntap-20231124-0008/", }, ], source: { advisory: "GHSA-hrfv-mqp8-q5rw", discovery: "UNKNOWN", }, title: "Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-46136", datePublished: "2023-10-24T23:48:56.960Z", dateReserved: "2023-10-16T17:51:35.574Z", dateUpdated: "2025-02-13T17:14:17.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25577
Vulnerability from cvelistv5
Published
2023-02-14 19:56
Modified
2025-03-10 21:11
Severity ?
EPSS score ?
Summary
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:19.228Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323", }, { name: "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1", }, { name: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5470", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230818-0003/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25577", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:58:37.929356Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:11:31.103Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "werkzeug", vendor: "pallets", versions: [ { status: "affected", version: "< 2.2.3", }, ], }, ], descriptions: [ { lang: "en", value: "Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-18T13:06:21.732Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323", }, { name: "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1", }, { name: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", }, { url: "https://www.debian.org/security/2023/dsa-5470", }, { url: "https://security.netapp.com/advisory/ntap-20230818-0003/", }, ], source: { advisory: "GHSA-xg9f-g7g7-2323", discovery: "UNKNOWN", }, title: "Werkzeug may allow high resource usage when parsing multipart form data with many fields", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-25577", datePublished: "2023-02-14T19:56:26.346Z", dateReserved: "2023-02-07T17:10:00.742Z", dateUpdated: "2025-03-10T21:11:31.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23934
Vulnerability from cvelistv5
Published
2023-02-14 19:56
Modified
2025-03-10 21:11
Severity ?
EPSS score ?
Summary
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:49:07.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q", }, { name: "https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028", }, { name: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5470", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230818-0003/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-23934", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:57:36.294064Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:11:36.910Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "werkzeug", vendor: "pallets", versions: [ { status: "affected", version: "< 2.2.3", }, ], }, ], descriptions: [ { lang: "en", value: "Werkzeug is a comprehensive WSGI web application library. Browsers may allow \"nameless\" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-18T13:06:20.023Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q", }, { name: "https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028", }, { name: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", }, { url: "https://www.debian.org/security/2023/dsa-5470", }, { url: "https://security.netapp.com/advisory/ntap-20230818-0003/", }, ], source: { advisory: "GHSA-px8h-6qxv-m22q", discovery: "UNKNOWN", }, title: "Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-23934", datePublished: "2023-02-14T19:56:22.659Z", dateReserved: "2023-01-19T21:12:31.360Z", dateUpdated: "2025-03-10T21:11:36.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10516
Vulnerability from cvelistv5
Published
2017-10-23 16:00
Modified
2024-08-06 03:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/ | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html | mailing-list, x_refsource_MLIST | |
| https://github.com/pallets/werkzeug/pull/1001 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:21:52.162Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", }, { name: "[debian-lts-announce] 20171124 [SECURITY] [DLA 1191-1] python-werkzeug security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/pull/1001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-10-23T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-02T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", }, { name: "[debian-lts-announce] 20171124 [SECURITY] [DLA 1191-1] python-werkzeug security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/pull/1001", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10516", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", refsource: "MISC", url: "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", }, { name: "[debian-lts-announce] 20171124 [SECURITY] [DLA 1191-1] python-werkzeug security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html", }, { name: "https://github.com/pallets/werkzeug/pull/1001", refsource: "MISC", url: "https://github.com/pallets/werkzeug/pull/1001", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10516", datePublished: "2017-10-23T16:00:00", dateReserved: "2017-10-23T00:00:00", dateUpdated: "2024-08-06T03:21:52.162Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14806
Vulnerability from cvelistv5
Published
2019-08-09 14:29
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168 | x_refsource_MISC | |
| https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246 | x_refsource_MISC | |
| https://palletsprojects.com/blog/werkzeug-0-15-3-released/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:26:39.060Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://palletsprojects.com/blog/werkzeug-0-15-3-released/", }, { name: "openSUSE-SU-2019:2118", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html", }, { name: "openSUSE-SU-2019:2145", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-17T17:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246", }, { tags: [ "x_refsource_MISC", ], url: "https://palletsprojects.com/blog/werkzeug-0-15-3-released/", }, { name: "openSUSE-SU-2019:2118", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html", }, { name: "openSUSE-SU-2019:2145", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-14806", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168", refsource: "MISC", url: "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168", }, { name: "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246", refsource: "MISC", url: "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246", }, { name: "https://palletsprojects.com/blog/werkzeug-0-15-3-released/", refsource: "MISC", url: "https://palletsprojects.com/blog/werkzeug-0-15-3-released/", }, { name: "openSUSE-SU-2019:2118", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html", }, { name: "openSUSE-SU-2019:2145", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14806", datePublished: "2019-08-09T14:29:16", dateReserved: "2019-08-09T00:00:00", dateUpdated: "2024-08-05T00:26:39.060Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28724
Vulnerability from cvelistv5
Published
2020-11-18 14:26
Modified
2024-08-04 16:40
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pallets/flask/issues/1639 | x_refsource_MISC | |
| https://github.com/pallets/werkzeug/issues/822 | x_refsource_MISC | |
| https://github.com/pallets/werkzeug/pull/890/files | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:40:59.965Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/flask/issues/1639", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/issues/822", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/werkzeug/pull/890/files", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-18T14:26:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/flask/issues/1639", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/issues/822", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/werkzeug/pull/890/files", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-28724", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/pallets/flask/issues/1639", refsource: "MISC", url: "https://github.com/pallets/flask/issues/1639", }, { name: "https://github.com/pallets/werkzeug/issues/822", refsource: "MISC", url: "https://github.com/pallets/werkzeug/issues/822", }, { name: "https://github.com/pallets/werkzeug/pull/890/files", refsource: "MISC", url: "https://github.com/pallets/werkzeug/pull/890/files", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-28724", datePublished: "2020-11-18T14:26:01", dateReserved: "2020-11-16T00:00:00", dateUpdated: "2024-08-04T16:40:59.965Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-02-14 20:15
Modified
2024-11-21 07:47
Severity ?
2.6 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | werkzeug | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "EE8F26B3-94E2-45A2-A114-56AF4D262414", versionEndExcluding: "2.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Werkzeug is a comprehensive WSGI web application library. Browsers may allow \"nameless\" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.", }, ], id: "CVE-2023-23934", lastModified: "2024-11-21T07:47:07.947", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T20:15:17.370", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20230818-0003/", }, { source: "security-advisories@github.com", url: "https://www.debian.org/security/2023/dsa-5470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230818-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2023/dsa-5470", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-23 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | werkzeug | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "161F60FC-EA71-42AF-B8A6-91B0D1ADE828", versionEndExcluding: "0.11.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.", }, { lang: "es", value: "Vulnerabilidad Cross-Site Scripting (XSS) en la función render_full en debug/tbtools.py en el depurador en Pallets Werkzeug en versiones anteriores a la 0.11.11 (usado en Pallets Flask y otros productos) permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un campo que contenga un mensaje de excepción.", }, ], id: "CVE-2016-10516", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-23T16:29:00.313", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/pull/1001", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/pull/1001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-25 20:15
Modified
2025-01-03 12:15
Severity ?
Summary
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | quart | * | |
| palletsprojects | werkzeug | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:quart:*:*:*:*:*:python:*:*", matchCriteriaId: "9E539F20-B2D2-42F4-98D4-DB92AAB1741E", versionEndExcluding: "0.19.7", vulnerable: true, }, { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "50FE9673-B294-4203-9C8D-DEF5028AE799", versionEndExcluding: "3.0.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.", }, { lang: "es", value: "Werkzeug es una librería de aplicaciones web de interfaz de puerta de enlace de servidor web. Las aplicaciones que utilizan `werkzeug.formparser.MultiPartParser` correspondiente a una versión de Werkzeug anterior a la 3.0.6 para analizar solicitudes `multipart/form-data` (por ejemplo, todas las aplicaciones Flask) son vulnerables a un ataque de agotamiento de recursos (denegación de servicio) relativamente simple pero efectivo. Una solicitud de envío de formulario manipulada específicamente puede hacer que el analizador asigne y bloquee de 3 a 8 veces el tamaño de carga en la memoria principal. No hay un límite superior; una sola carga a 1 Gbit/s puede agotar 32 GB de RAM en menos de 60 segundos. La versión 3.0.6 de Werkzeug corrige este problema.", }, ], id: "CVE-2024-49767", lastModified: "2025-01-03T12:15:26.257", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2024-10-25T20:15:04.530", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee", }, { source: "security-advisories@github.com", url: "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/pallets/werkzeug/releases/tag/3.0.6", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20250103-0007/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, { lang: "en", value: "CWE-770", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-28 13:15
Modified
2024-11-21 04:26
Severity ?
Summary
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://palletsprojects.com/blog/werkzeug-0-15-5-released/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://palletsprojects.com/blog/werkzeug-0-15-5-released/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | werkzeug | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "671AD141-5DEF-4A67-ABCC-4FDFB7490A20", versionEndExcluding: "0.15.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.", }, { lang: "es", value: "En Werkzeug de Pallets anterior a versión 0.15.5, la función SharedDataMiddleware maneja inapropiadamente los nombres de las unidades (tal y como C:) en los nombres de ruta de Windows.", }, ], id: "CVE-2019-14322", lastModified: "2024-11-21T04:26:29.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-28T13:15:10.597", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://palletsprojects.com/blog/werkzeug-0-15-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://palletsprojects.com/blog/werkzeug-0-15-5-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 20:15
Modified
2024-11-21 07:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | werkzeug | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "EE8F26B3-94E2-45A2-A114-56AF4D262414", versionEndExcluding: "2.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.", }, ], id: "CVE-2023-25577", lastModified: "2024-11-21T07:49:45.740", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T20:15:17.543", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20230818-0003/", }, { source: "security-advisories@github.com", url: "https://www.debian.org/security/2023/dsa-5470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/pallets/werkzeug/releases/tag/2.2.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230818-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2023/dsa-5470", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-18 15:15
Modified
2024-11-21 05:23
Severity ?
Summary
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pallets/flask/issues/1639 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/pallets/werkzeug/issues/822 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/pallets/werkzeug/pull/890/files | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pallets/flask/issues/1639 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pallets/werkzeug/issues/822 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pallets/werkzeug/pull/890/files | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | werkzeug | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "F08190F6-474E-440F-9258-866A0A73239A", versionEndExcluding: "0.11.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.", }, { lang: "es", value: "Una vulnerabilidad de redireccionamiento abierto en werkzeug versiones anteriores a 0.11.6 por medio de una barra doble en la URL", }, ], id: "CVE-2020-28724", lastModified: "2024-11-21T05:23:09.467", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-18T15:15:12.990", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/pallets/flask/issues/1639", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/issues/822", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/pull/890/files", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/pallets/flask/issues/1639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/issues/822", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/pull/890/files", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-09 15:15
Modified
2024-11-21 04:27
Severity ?
Summary
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "2BEABB52-D59B-4CBF-AD1B-47B7F8909E70", versionEndExcluding: "0.15.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.", }, { lang: "es", value: "Pallets Werkzeug en versiones anteriores a 0.15.3, cuando es usado con Docker, presenta una aleatoriedad insuficiente del PIN del depurador porque los contenedores Docker comparten la mismo id de máquina.", }, ], id: "CVE-2019-14806", lastModified: "2024-11-21T04:27:23.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-09T15:15:12.917", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://palletsprojects.com/blog/werkzeug-0-15-3-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://palletsprojects.com/blog/werkzeug-0-15-3-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-331", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-25 01:15
Modified
2024-11-21 06:58
Severity ?
Summary
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/pallets/werkzeug/issues/2420 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pallets/werkzeug/issues/2420 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | werkzeug | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "28C03D81-9114-4C7B-878F-EA1756C3C43E", versionEndIncluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project", }, { lang: "es", value: "** EN DISPUTA ** Un análisis inapropiado de las peticiones HTTP en Pallets Werkzeug versiones v2.1.0 y anteriores, permite a atacantes llevar a cabo un contrabando de peticiones HTTP usando una petición HTTP diseñada con múltiples peticiones incluidas en el cuerpo. NOTA: la posición del proveedor es que este comportamiento sólo puede ocurrir en configuraciones no soportadas que implican el modo de desarrollo y un servidor HTTP desde fuera del proyecto Werkzeug", }, ], id: "CVE-2022-29361", lastModified: "2024-11-21T06:58:58.007", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-25T01:15:07.277", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/issues/2420", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/pallets/werkzeug/issues/2420", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-444", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-25 18:17
Modified
2024-11-21 08:27
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| palletsprojects | werkzeug | * | |
| palletsprojects | werkzeug | 3.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", matchCriteriaId: "F6578217-312C-44C5-851E-7F6FC6C0F8C1", versionEndExcluding: "2.3.8", vulnerable: true, }, { criteria: "cpe:2.3:a:palletsprojects:werkzeug:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3ECAF2F0-90D0-4564-93A5-0EAE8B317123", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.", }, { lang: "es", value: "Werkzeug es una librería completa de aplicaciones web WSGI. Si se carga un archivo que comienza con CR o LF y luego va seguido de megabytes de datos sin estos caracteres: todos estos bytes se agregan fragmento a fragmento en una matriz de bytes interna y la búsqueda de los límites se realiza en un búfer en crecimiento. Esto permite a un atacante provocar una denegación de servicio enviando datos multiparte manipulados a un endpoint que los analizará. La cantidad de tiempo de CPU necesaria puede impedir que los procesos de trabajo manejen solicitudes legítimas. Esta vulnerabilidad ha sido parcheada en la versión 3.0.1.", }, ], id: "CVE-2023-46136", lastModified: "2024-11-21T08:27:57.400", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-25T18:17:36.753", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231124-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231124-0008/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, { lang: "en", value: "CWE-407", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }