rpm package
opensuse/python-Werkzeug&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/python-Werkzeug&distro=openSUSE%20Leap%2015.4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46136 | Hig | 8.0 | < 2.3.6-150400.6.6.1 | 2.3.6-150400.6.6.1 | Oct 25, 2023 | Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are | |
| CVE-2023-25577 | Hig | 7.5 | < 1.0.1-150300.3.3.1 | 1.0.1-150300.3.3.1 | Feb 14, 2023 | Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory |
- affected < 2.3.6-150400.6.6.1fixed 2.3.6-150400.6.6.1
Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are
- affected < 1.0.1-150300.3.3.1fixed 1.0.1-150300.3.3.1
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory