Important: python-werkzeug
Issue Overview: Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory ...
CBL Mariner 2.0 Security Update: python-werkzeug (CVE-2023-25577)
The version of python-werkzeug installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25577 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's...
Fedora 37 : mingw-python-werkzeug (2023-af75e27098)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af75e27098 advisory. Update to python-werkzeug-2.2.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform (python-werkzeug) security update
An update for python-werkzeug is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
Ubuntu: Security Advisory (USN-5948-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-5948-1 python-werkzeug vulnerabilities
It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. CVE-2023-23934 It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacke...
Fedora: Security Advisory for python-werkzeug (FEDORA-2023-729a50a7e1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora: Security Advisory for mingw-python-werkzeug (FEDORA-2023-8d94dccc7e)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 38 Update: python-werkzeug-2.2.3-1.fc38
Werkzeug ======== Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility modules. It includes a powerful debugger, full featured request and response objects, HTTP utilities to handle entity tags, cache...
Fedora 38 : python-flask / python-werkzeug (2023-729a50a7e1)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-729a50a7e1 advisory. - Update to 2.2.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
CVE-2023-25577 affecting package python-werkzeug for versions less than 2.0.3-2
CVE-2023-25577 affecting package python-werkzeug for versions less than 2.0.3-2. A patched version of the package is available...
Debian: Security Advisory (DLA-1191-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
python-werkzeug: cookie prefixed with = can shadow unprefixed cookie
A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (python-werkzeug) security update
An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.0 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Debian: Security Advisory (DLA-3346-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 3346-1] python-werkzeug security update
Debian LTS Advisory DLA-3346-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler February 27, 2023 https://wiki.debian.org/LTS -...
Debian dla-3346 : python-werkzeug - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3346 advisory. - Debian LTS Advisory DLA-3346-1 [email protected]...
K61918302: ceph-isci-cli vulnerability CVE-2018-14649
Security Advisory Description It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attacker...
CVE-2023-25577
A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...