Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 8 of 8 results


CVE-2024-49767

Medium priority

Some fixes available 3 of 6

Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all...

2 affected packages

python-werkzeug, quart

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-werkzeug Fixed Fixed Not affected Not affected Not affected
quart Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2024-49766

Medium priority
Not affected

Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path...

1 affected packages

python-werkzeug

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-werkzeug Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-34069

Medium priority
Fixed

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the...

1 affected packages

python-werkzeug

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-werkzeug Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-25577

Medium priority
Fixed

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each...

1 affected packages

python-werkzeug

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-werkzeug Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-23934

Medium priority
Fixed

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to...

1 affected packages

python-werkzeug

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-werkzeug Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-28724

Medium priority
Fixed

Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.

1 affected packages

python-werkzeug

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-werkzeug Not affected Not affected Fixed
Show less packages

CVE-2019-14806

Low priority

Some fixes available 1 of 3

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

1 affected packages

python-werkzeug

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-werkzeug Not affected Fixed Not affected
Show less packages

CVE-2016-10516

Medium priority
Fixed

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary...

1 affected packages

python-werkzeug

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-werkzeug Fixed
Show less packages