24 matches found
Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively
Summary Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web...
ALPINE-CVE-2026-27199
Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...
UBUNTU-CVE-2025-66221
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...
CVE-2025-66221 Werkzeug safe_join() allows Windows special device names
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...
CVE-2025-66221 Werkzeug safe_join() allows Windows special device names
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...
EUVD-2024-3107
Malicious code in bioql PyPI...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to to Cross-Site Request Forgery (CSRF) due to insecure debugger access in Werkzeug ( CVE-2024-34069)
Summary Potential vulnerabilities in Werkzeug has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34069 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. The debugger in affected version...
The vulnerability of the library for developing web applications – Werkzeug, related to writing beyond the buffer boundaries, allows attackers to trigger a service failure.
The vulnerability of the Werkzeug library for developing web applications relates to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Security Bulletin: There is a vulnerability in Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions
Summary There is a vulnerablity in the Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server...
Linux Distros Unpatched Vulnerability : CVE-2024-34069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's...
Updated python-werkzeug packages fix security vulnerability
Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parsing multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...
CVE-2024-49766 vulnerabilities
Vulnerabilities for packages: airflow, py3-werkzeug, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, emissary, kubeflow-pipelines-visualization-server, superset, mlflow, airflow-core...
Fedora: Security Advisory for mingw-python-werkzeug (FEDORA-2024-48123e7aae)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: mingw-python-werkzeug-3.0.3-1.fc40
MinGW Windows Python werkzeug library...
AZL-40466 CVE-2024-34069 affecting package python-werkzeug for versions less than 2.3.7-2
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
RHCOS 4 : OpenShift Container Platform 4.12.45 (RHSA-2023:7610)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7610 advisory. - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 - python-werkzeug:...
PYSEC-2023-221
Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing...
Debian DSA-5470-1 : python-werkzeug - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5470 advisory. - Werkzeug is a comprehensive WSGI web application library. Browsers may allow nameless cookies that look like =value instead of key=value. A vulnerable browser m...
The vulnerability of the WSGI Werkzeug web application library relates to the distribution of resources without any restrictions or regulations, allowing a hacker to cause a service failure.
The vulnerability of the WSGI Werkzeug web application lies in the fact that the application does not properly control the consumption of internal resources when processing data with a complex structure containing a large number of fields. Exploiting this vulnerability can allow an attacker to...
CVE-2023-23934
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...