rpm package

suse/python-Werkzeug&distro=SUSE OpenStack Cloud 8

pkg:rpm/suse/python-Werkzeug&distro=SUSE%20OpenStack%20Cloud%208

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-1625	—	< 0.12.2-3.6.2	0.12.2-3.6.2	Sep 24, 2023	An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the
CVE-2023-25577	—	< 0.12.2-3.6.2	0.12.2-3.6.2	Feb 14, 2023	Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory
CVE-2019-14806	—	< 0.12.2-3.3.1	0.12.2-3.3.1	Aug 9, 2019	Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

CVE-2023-1625Sep 24, 2023
affected < 0.12.2-3.6.2fixed 0.12.2-3.6.2
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the
CVE-2023-25577Feb 14, 2023
affected < 0.12.2-3.6.2fixed 0.12.2-3.6.2
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory
CVE-2019-14806Aug 9, 2019
affected < 0.12.2-3.3.1fixed 0.12.2-3.3.1
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.