Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
palletsprojects werkzeug vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46136
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is perform...
Palletsprojects Werkzeug 3.0.0
Palletsprojects Werkzeug
1 Github repository
NA
CVE-2023-25577
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more m...
Palletsprojects Werkzeug
NA
CVE-2023-23934
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Hos...
Palletsprojects Werkzeug
7.5
CVSSv2
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows malicious users to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in u...
Palletsprojects Werkzeug
5.8
CVSSv2
CVE-2020-28724
Open redirect vulnerability in werkzeug prior to 0.11.6 via a double slash in the URL.
Palletsprojects Werkzeug
5
CVSSv2
CVE-2019-14806
Pallets Werkzeug prior to 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Palletsprojects Werkzeug
Opensuse Leap 15.0
Opensuse Leap 15.1
5
CVSSv2
CVE-2019-14322
In Pallets Werkzeug prior to 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
Palletsprojects Werkzeug
3 Github repositories
4.3
CVSSv2
CVE-2016-10516
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug prior to 0.11.11 (as used in Pallets Flask and other products) allows remote malicious users to inject arbitrary web script or HTML via a field that contai...
Palletsprojects Werkzeug
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started