14 matches found
CVE-2024-34069
Werkzeug (the Python WSGI library) contains a debugger-only vulnerability tracked as CVE-2024-34069. The issue arises in affected Werkzeug versions where the debugger can let an attacker execute code on a developer’s machine under certain conditions: the attacker must persuade the developer to vi...
CVE-2023-46136
CVE-2023-46136 affects Werkzeug (WSGI library). A crafted multipart upload starting with CR/LF followed by many data bytes can cause the parser to append to an internal buffer and exhaust CPU, leading to DoS. This has been patched in version 3.0.1. IBM/PowerVC and QRadar bulletins referencing the...
CVE-2023-23934
CVE-2023-23934 affects the Werkzeug WSGI library. A bug in parsing nameless cookies (e.g., =__Host-test=bad) can lead to cookie shadowing where the cookie value is set for one subdomain but read as a different key by adjacent subdomains. The issue applies to Werkzeug versions before 2.2.3 and is ...
CVE-2023-25577
Werkzeug prior to 2.2.3 contains a DoS vulnerability in its multipart form data parser that can parse an unlimited number of parts (including file parts). Attacks that send crafted multipart data to endpoints reading request.data, request.form, request.files, or request.get_data(parse_form_data=F...
CVE-2024-49767
CVE-2024-49767 : Werkzeug's MultiPartParser in versions prior to 3.0.6 is vulnerable to a resource-exhaustion DoS when parsing multipart/form-data. A crafted upload can cause the parser to allocate 3–8× the upload size in RAM, with a single 1 Gbit/s upload potentially exhausting ~32 GB in under a...
CVE-2024-49766
CVE-2024-49766 — Werkzeug UNC Path Validation Issue : Werkzeug on Windows with Python <3.11 fails to catch UNC paths in os.path.isabs(), causing safe_join() to produce potentially unsafe paths. Vulnerable scenarios affect apps using Python =3.11 or non-Windows environments are not affected. A ...
CVE-2022-29361
CVE-2022-29361 affects Pallets Werkzeug ≤ 2.1.0 and enables HTTP request smuggling through improper parsing of HTTP requests. Connected sources corroborate the issue, noting potential for web cache poisoning, WAF bypass, and XSS via crafted requests, with vendor guidance that the behavior occurs ...
CVE-2019-14322
CVE-2019-14322 : Pallets Werkzeug before 0.15.5 is vulnerable to directory traversal via SharedDataMiddleware mishandling drive names (e.g., C:) in Windows pathnames. Exploitation could allow remote attackers to view arbitrary files on the system by crafting a URL with Windows drive references. P...
CVE-2019-14806
CVE-2019-14806 affects Pallets Werkzeug prior to 0.15.3 when used with Docker, due to insufficient debugger PIN randomness caused by containers sharing the same machine-id. This enables remote exploitation with network access; CVSSv3 base score 7.5. Remediation is to upgrade Werkzeug to 0.15.3 or...
CVE-2026-27199
CVE-2026-27199 affects Werkzeug. Versions 3.1.5 and earlier allow Windows device names as filenames when the path includes multiple segments, due to incomplete filtering in the safe_join function used by send_from_directory. When running on Windows, a request ending with a device name can open th...
CVE-2016-10516
Affected software: Pallets Werkzeug (Python library) used by Flask. Vulnerable path: render_full in debug/tbtools.py. Root cause: improper validation of user-supplied input via an exception message, enabling cross-site scripting (XSS). Impact: remote attacker could inject arbitrary script into a ...
CVE-2020-28724
CVE-2020-28724 describes an Open Redirect vulnerability in Pallets Werkzeug exposed by URLs containing a double slash, affecting Werkzeug versions before 0.11.6. Multiple advisories (e.g., EulerOS/Ubuntu/Nessus/OpenVAS entries) reference this CVE alongside CVE-2016-10516, indicating the issue lie...
CVE-2025-66221
Werkzeug CVE-2025-66221 affects the safe_join path handling in Werkzeug prior to 3.1.4 on Windows. If a request ends with a Windows device name (e.g., CON, AUX), the file is opened but reading can hang indefinitely when using send_from_directory under a directory. The issue has been patched in 3....
CVE-2026-21860
CVE-2026-21860 affects Werkzeug’s safe_join on Windows, allowing segments with Windows device names (e.g., CON, AUX) plus extensions or trailing spaces in versions prior to 3.1.5. IBM-security notices confirm real-world impact in affiliated products: IBM Watson Discovery Cartridge (InfoSphere/Dis...