RSS   Vulnerabilities for 'Werkzeug'   RSS

2019-08-09
 
CVE-2019-14806

CWE-331
 

 
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

 
2019-07-28
 
CVE-2019-14322

CWE-22
 

 
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.

 
2017-10-23
 
CVE-2016-10516

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.

 

 >>> Vendor: Palletsprojects 3 Products
Werkzeug
Jinja
Flask


Copyright 2021, cxsecurity.com

 

Back to Top