Vulnerabilities > Palletsprojects > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-49767 Allocation of Resources Without Limits or Throttling vulnerability in Palletsprojects Werkzeug
Werkzeug is a Web Server Gateway Interface web application library.
network
low complexity
palletsprojects CWE-770
7.5
7.5
2023-10-25 CVE-2023-46136 Out-of-bounds Write vulnerability in Palletsprojects Werkzeug
Werkzeug is a comprehensive WSGI web application library.
network
low complexity
palletsprojects CWE-787
7.5
7.5
2023-05-02 CVE-2023-30861 Information Exposure Through Persistent Cookies vulnerability in Palletsprojects Flask
Flask is a lightweight WSGI web application framework.
network
low complexity
palletsprojects CWE-539
7.5
7.5
2023-02-14 CVE-2023-25577 Allocation of Resources Without Limits or Throttling vulnerability in Palletsprojects Werkzeug
Werkzeug is a comprehensive WSGI web application library.
network
low complexity
palletsprojects CWE-770
7.5
7.5
2019-08-09 CVE-2019-14806 Insufficient Entropy vulnerability in multiple products
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
network
low complexity
palletsprojects opensuse CWE-331
7.5
7.5
2019-07-28 CVE-2019-14322 Path Traversal vulnerability in Palletsprojects Werkzeug
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
network
low complexity
palletsprojects CWE-22
7.5
7.5
2019-04-07 CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. 8.6
8.6