Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
werkzeug vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46136
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is perform...
Palletsprojects Werkzeug 3.0.0
Palletsprojects Werkzeug
1 Github repository
5.8
CVSSv2
CVE-2020-28724
Open redirect vulnerability in werkzeug prior to 0.11.6 via a double slash in the URL.
Palletsprojects Werkzeug
5
CVSSv2
CVE-2019-14322
In Pallets Werkzeug prior to 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
Palletsprojects Werkzeug
3 Github repositories
NA
CVE-2023-23934
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Hos...
Palletsprojects Werkzeug
NA
CVE-2023-25577
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more m...
Palletsprojects Werkzeug
4.3
CVSSv2
CVE-2016-10516
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug prior to 0.11.11 (as used in Pallets Flask and other products) allows remote malicious users to inject arbitrary web script or HTML via a field that contai...
Palletsprojects Werkzeug
7.5
CVSSv2
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows malicious users to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in u...
Palletsprojects Werkzeug
5
CVSSv2
CVE-2019-14806
Pallets Werkzeug prior to 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Palletsprojects Werkzeug
Opensuse Leap 15.0
Opensuse Leap 15.1
5.8
CVSSv2
CVE-2021-23393
This affects the package Flask-Unchained prior to 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exp...
Flask Unchained Project Flask Unchained
5.8
CVSSv2
CVE-2021-23401
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only ex...
Flask-user Project Flask-user
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »