Vulnerabilities > Palletsprojects > Werkzeug
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-25 | CVE-2024-49767 | Allocation of Resources Without Limits or Throttling vulnerability in Palletsprojects Werkzeug Werkzeug is a Web Server Gateway Interface web application library. | 7.5 |
2023-10-25 | CVE-2023-46136 | Out-of-bounds Write vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 7.5 |
2023-02-14 | CVE-2023-23934 | Unspecified vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. low complexity palletsprojects | 3.5 |
2023-02-14 | CVE-2023-25577 | Unspecified vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 7.5 |
2022-05-25 | CVE-2022-29361 | HTTP Request Smuggling vulnerability in Palletsprojects Werkzeug Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. | 9.8 |
2020-11-18 | CVE-2020-28724 | Open Redirect vulnerability in Palletsprojects Werkzeug Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | 6.1 |
2019-08-09 | CVE-2019-14806 | Insufficient Entropy vulnerability in multiple products Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | 7.5 |
2019-07-28 | CVE-2019-14322 | Path Traversal vulnerability in Palletsprojects Werkzeug In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | 7.5 |
2017-10-23 | CVE-2016-10516 | Cross-site Scripting vulnerability in Palletsprojects Werkzeug Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. | 6.1 |