CVSSv3: 7.5

CVE-2023-46136

Published: 25/10/2023 Updated: 10/01/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk into an internal bytearray, and the lookup for the boundary is performed on the growing buffer. This allows a malicious user to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.

Vulnerable Products

palletsprojects werkzeug 3.0.0

palletsprojects werkzeug

Vendor Advisories

Debian Bug report logs - #1054553 python-werkzeug: CVE-2023-46136 Package: src:python-werkzeug; Maintainer for src:python-werkzeug is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 25 Oct 2023 19:15:02 UTC Severity: important Tags: security, upstr ...
Synopsis Important: OpenShift Container Platform 4.12.45 bug fix and security update Type/Severity Security Advisory: Important Title Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShi ...
Synopsis Important: OpenShift Container Platform 4.12.45 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to p ...
Synopsis Moderate: OpenShift Container Platform 4.13.24 packages and security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4.13.24 is now available with updates to pac ...

Github Repositories

some_flask_helpers This is a small set of simple extensions to the Flask framework: the class BlueprintAdapter allows you to use blueprints as decorators. The class FlaskStopper defines a Flask blueprint that adds a clean shut-down mechanism to a Flask web server, which may come in handy for test cases that have to start and tear down Flask servers repeatedly. Source Repository Se