Search CVE reports
1 – 6 of 6 results
CVE-2024-34069
Medium priorityWerkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2023-25577
Medium priorityWerkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-23934
Medium priorityWerkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-28724
Medium priorityOpen redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | — | Not affected | Not affected | Fixed |
CVE-2019-14806
Low prioritySome fixes available 1 of 3
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | — | Not affected | Fixed | Not affected |
CVE-2016-10516
Medium priorityCross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary...
1 affected packages
python-werkzeug
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-werkzeug | — | — | — | — | Fixed |