Vulnerabilities > Palletsprojects

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-49767 Allocation of Resources Without Limits or Throttling vulnerability in Palletsprojects Werkzeug
Werkzeug is a Web Server Gateway Interface web application library.
network
low complexity
palletsprojects CWE-770
7.5
2024-01-11 CVE-2024-22195 Cross-site Scripting vulnerability in Palletsprojects Jinja
Jinja is an extensible templating engine.
network
low complexity
palletsprojects CWE-79
6.1
2023-10-25 CVE-2023-46136 Out-of-bounds Write vulnerability in Palletsprojects Werkzeug
Werkzeug is a comprehensive WSGI web application library.
network
low complexity
palletsprojects CWE-787
7.5
2023-05-02 CVE-2023-30861 Unspecified vulnerability in Palletsprojects Flask
Flask is a lightweight WSGI web application framework.
network
low complexity
palletsprojects
7.5
2023-02-14 CVE-2023-23934 Unspecified vulnerability in Palletsprojects Werkzeug
Werkzeug is a comprehensive WSGI web application library.
low complexity
palletsprojects
3.5
2023-02-14 CVE-2023-25577 Unspecified vulnerability in Palletsprojects Werkzeug
Werkzeug is a comprehensive WSGI web application library.
network
low complexity
palletsprojects
7.5
2022-05-25 CVE-2022-29361 HTTP Request Smuggling vulnerability in Palletsprojects Werkzeug
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.
network
low complexity
palletsprojects CWE-444
critical
9.8
2021-02-01 CVE-2020-28493 Resource Exhaustion vulnerability in multiple products
This affects the package jinja2 from 0.0.0 and before 2.11.3.
network
low complexity
palletsprojects fedoraproject CWE-400
5.3
2020-11-18 CVE-2020-28724 Open Redirect vulnerability in Palletsprojects Werkzeug
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
network
low complexity
palletsprojects CWE-601
6.1
2019-08-09 CVE-2019-14806 Insufficient Entropy vulnerability in multiple products
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
network
low complexity
palletsprojects opensuse CWE-331
7.5