16 matches found
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to Werkzeug
Summary Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. Multiple vulnerabilities affect Werkzeug. CVE-2024-49767 involves a resource exhaustion vulnerability in the multipart/form-data parser where a specifically crafted form submission can cause the parse...
Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal and Uncontrolled Resource Consumption in Werkzeug (CVE-2024-49766, CVE-2024-49767)
Summary Werkzeug is used by IBM Storage Ceph for the Web Server Gateway Interface. CVE-2024-49766 CVE-2024-49767This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway...
Security Bulletin: Denial of service, directory traversal, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service
Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, directory traversal, and others. The vulnerabilities have been addressed. CVE-2024-49767, CVE-2024-49766, CVE-2024-39614, CVE-2024-38875, CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-47119,...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to werkzeug-3.0.4-py3-none-any.whl CVE-2024-49766
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to werkzeug-3.0.4-py3-none-any.whl CVE-2024-49766. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway Interface w...
Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538
Summary IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Werkzeug
Summary Multiple vulnerabilities in Werkzeug used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug versi...
SUSE CVE-2024-49766
Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...
CVE-2024-49766
A flaw was found in Werkzeug. In Python versions below v3.11 on Windows, os.path.isabs does not catch UNC paths such as //server/share. Werkzeug's safejoin relies on this check and can produce a path that is not safe, which can allow unintended access to data...
CVE-2024-49766 vulnerabilities
Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, emissary, superset, py3-werkzeug, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app...
CVE-2024-49766
Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...
a2grunnerp (>=0.1.0 <=0.1.8), a4t-sale-discount (=5.0.2) +2496 more potentially affected by CVE-2024-49766 via werkzeug (>=0.10.1 <=3.0.4)
werkzeug PYPI version =0.10.1, =0.1.0, =1.0.2, =0.10.3, =1.8.8, =0.8.44.4, =4.2.0, =0.4.0, =0.9.2, =0.1.0, =0.0.1, =0.0.4 - adfotg =0.4.0 and more Source cves: CVE-2024-49766 Source advisory: OSV:GHSA-F9VJ-2WH5-FJ8J...
CVE-2024-49766
Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...
CVE-2024-49766 Werkzeug safe_join not safe on Windows
Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...
CVE-2024-49766
CVE-2024-49766 — Werkzeug UNC Path Validation Issue : Werkzeug on Windows with Python <3.11 fails to catch UNC paths in os.path.isabs(), causing safe_join() to produce potentially unsafe paths. Vulnerable scenarios affect apps using Python =3.11 or non-Windows environments are not affected. A ...