📦 Werkzeug
by Palletsprojects
⚠️ Known Vulnerabilities
CVE-2022-29361 is an HTTP request smuggling vulnerability in Pallets Werkzeug v2.1.0 and below that allows attackers to bypass security controls by sending crafted HTTP requests containing multiple re...
Werkzeug versions before 3.0.6 contain a resource exhaustion vulnerability in the MultiPartParser that handles multipart/form-data requests. Attackers can craft malicious upload requests that cause th...
This vulnerability in Werkzeug's debugger allows attackers to execute arbitrary code on a developer's machine if they can trick the developer into interacting with a controlled domain/subdomain and en...
CVE-2023-46136 is a denial-of-service vulnerability in Werkzeug's multipart data parser. Attackers can send specially crafted file uploads that cause excessive CPU consumption, blocking worker process...
CVE-2023-25577 is a denial-of-service vulnerability in Werkzeug's multipart form data parser that allows attackers to cause high CPU and memory consumption by sending crafted requests with unlimited p...
This vulnerability in Werkzeug's safe_join function allows attackers to cause denial of service by requesting paths ending with Windows device names (like CON, AUX). When exploited on Windows systems,...
This vulnerability in Werkzeug's safe_join() function on Windows with Python < 3.11 allows UNC path bypass, potentially enabling directory traversal attacks. Attackers could access files outside inten...