Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
palletsprojects werkzeug vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46136
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is perform...
Palletsprojects Werkzeug 3.0.0
Palletsprojects Werkzeug
1 Github repository
668
VMScore
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows malicious users to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in u...
Palletsprojects Werkzeug
516
VMScore
CVE-2020-28724
Open redirect vulnerability in werkzeug prior to 0.11.6 via a double slash in the URL.
Palletsprojects Werkzeug
NA
CVE-2023-23934
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Hos...
Palletsprojects Werkzeug
383
VMScore
CVE-2016-10516
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug prior to 0.11.11 (as used in Pallets Flask and other products) allows remote malicious users to inject arbitrary web script or HTML via a field that contai...
Palletsprojects Werkzeug
446
VMScore
CVE-2019-14322
In Pallets Werkzeug prior to 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
Palletsprojects Werkzeug
3 Github repositories
NA
CVE-2023-25577
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more m...
Palletsprojects Werkzeug
446
VMScore
CVE-2019-14806
Pallets Werkzeug prior to 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Palletsprojects Werkzeug
Opensuse Leap 15.0
Opensuse Leap 15.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started