Search CVE reports
1 – 8 of 8 results
CVE-2024-49767
Medium prioritySome fixes available 3 of 6
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all...
2 affected packages
python-werkzeug, quart
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | Fixed | Fixed | Not affected | Not affected | Not affected |
quart | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-49766
Medium priorityWerkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-34069
Medium priorityWerkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2023-25577
Medium priorityWerkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-23934
Medium priorityWerkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-28724
Medium priorityOpen redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | — | Not affected | Not affected | Fixed |
CVE-2019-14806
Low prioritySome fixes available 1 of 3
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | — | Not affected | Fixed | Not affected |
CVE-2016-10516
Medium priorityCross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | — | — | — | Fixed |