Lucene search

Palletsprojects Werkzeug

5 matches found

cve
added 2024/05/06 3:15 p.m. | 608 views

CVE-2024-34069

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and ...

7.5 CVSS | 6.5 AI score | 0.00156 EPSS

cve
added 2023/02/14 8:15 p.m. | 347 views

CVE-2023-25577

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If...

7.5 CVSS | 7.5 AI score | 0.00319 EPSS

cve
added 2024/10/25 8:15 p.m. | 245 views

CVE-2024-49767

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests (e.g. all flask applications) are vulnerable to a relatively simple but effective re...

7.5 CVSS | 7.3 AI score | 0.00609 EPSS

cve
added 2019/07/28 1:15 p.m. | 231 views

CVE-2019-14322

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.

7.5 CVSS | 7.3 AI score | 0.90059 EPSS

cve
added 2019/08/09 3:15 p.m. | 206 views

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

7.5 CVSS | 7.3 AI score | 0.00224 EPSS