VYPR

rpm package

opensuse/python-Werkzeug&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/python-Werkzeug&distro=openSUSE%20Leap%2015.4

Vulnerabilities (2)

  • CVE-2023-46136HigOct 25, 2023
    affected < 2.3.6-150400.6.6.1fixed 2.3.6-150400.6.6.1

    Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are

  • CVE-2023-25577HigFeb 14, 2023
    affected < 1.0.1-150300.3.3.1fixed 1.0.1-150300.3.3.1

    Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory