Werkzeug Security Vulnerabilities and Issues — Werkzeug CVE List

Lucene search

PalletsWerkzeug

3 matches found

CVE•added 2024/05/06 3:15 p.m.•599 views

CVE-2024-34069

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and ...

7.5CVSS6.5AI score0.00212EPSS

CVE•added 2024/10/25 8:15 p.m.•235 views

CVE-2024-49767

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests (e.g. all flask applications) are vulnerable to a relatively simple but effective re...

7.5CVSS7.3AI score0.00875EPSS

CVE•added 2024/10/25 8:15 p.m.•213 views

CVE-2024-49766

Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.

6.3CVSS6.5AI score0.00049EPSS