VYPR

apk package

chainguard/py3-werkzeug

pkg:apk/chainguard/py3-werkzeug

Vulnerabilities (4)

  • CVE-2024-49767Oct 25, 2024
    affected < 3.0.6-r0fixed 3.0.6-r0

    Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively

  • CVE-2024-49766Oct 25, 2024
    affected < 3.0.6-r0fixed 3.0.6-r0

    Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended

  • CVE-2024-34069May 6, 2024
    affected < 3.0.3-r0fixed 3.0.3-r0

    Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain

  • CVE-2023-46136HigOct 25, 2023
    affected < 3.0.1-r0fixed 3.0.1-r0

    Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are