2 matches found
USN-5948-1 python-werkzeug vulnerabilities
It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. CVE-2023-23934 It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacke...
PT-2023-22987
Name of the Vulnerable Software and Affected Versions Starlette versions prior to 0.25.0 Description The issue arises from the MultipartParser usage in Encode's Starlette python framework, allowing an unauthenticated and remote attacker to specify any number of form fields or files, which can cau...