rpm package
opensuse/python-Werkzeug&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-Werkzeug&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-49767 | — | < 3.0.6-1.1 | 3.0.6-1.1 | Oct 25, 2024 | Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively | ||
| CVE-2024-34069 | — | < 3.0.3-1.1 | 3.0.3-1.1 | May 6, 2024 | Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain | ||
| CVE-2023-46136 | Hig | 8.0 | < 3.0.1-1.1 | 3.0.1-1.1 | Oct 25, 2023 | Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are | |
| CVE-2023-25577 | — | < 2.2.3-1.1 | 2.2.3-1.1 | Feb 14, 2023 | Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory | ||
| CVE-2019-14806 | — | < 2.0.1-1.2 | 2.0.1-1.2 | Aug 9, 2019 | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. |
- CVE-2024-49767Oct 25, 2024affected < 3.0.6-1.1fixed 3.0.6-1.1
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively
- CVE-2024-34069May 6, 2024affected < 3.0.3-1.1fixed 3.0.3-1.1
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain
- affected < 3.0.1-1.1fixed 3.0.1-1.1
Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are
- CVE-2023-25577Feb 14, 2023affected < 2.2.3-1.1fixed 2.2.3-1.1
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory
- CVE-2019-14806Aug 9, 2019affected < 2.0.1-1.2fixed 2.0.1-1.2
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.