Vulnerabilities > Palletsprojects
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2024-22195 | Cross-site Scripting vulnerability in Palletsprojects Jinja Jinja is an extensible templating engine. | 6.1 |
| 2023-10-25 | CVE-2023-46136 | Out-of-bounds Write vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 7.5 |
| 2023-05-02 | CVE-2023-30861 | Information Exposure Through Persistent Cookies vulnerability in Palletsprojects Flask Flask is a lightweight WSGI web application framework. | 7.5 |
| 2023-02-14 | CVE-2023-23934 | Improper Input Validation vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 3.5 |
| 2023-02-14 | CVE-2023-25577 | Allocation of Resources Without Limits or Throttling vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 7.5 |
| 2022-05-25 | CVE-2022-29361 | HTTP Request Smuggling vulnerability in Palletsprojects Werkzeug Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. | 9.8 |
| 2021-02-01 | CVE-2020-28493 | Resource Exhaustion vulnerability in multiple products This affects the package jinja2 from 0.0.0 and before 2.11.3. | 5.3 |
| 2020-11-18 | CVE-2020-28724 | Open Redirect vulnerability in Palletsprojects Werkzeug Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | 5.8 |
| 2019-08-09 | CVE-2019-14806 | Insufficient Entropy vulnerability in multiple products Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | 7.5 |
| 2019-07-28 | CVE-2019-14322 | Path Traversal vulnerability in Palletsprojects Werkzeug In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | 7.5 |