Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-werkzeug@0.6.2-1
Typedeb
Namespacedebian
Namepython-werkzeug
Version0.6.2-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.2-3+deb12u1
Latest_non_vulnerable_version2.2.2-3+deb12u1
Affected_by_vulnerabilities
0
url VCID-3t8t-yt9b-1fce
vulnerability_id VCID-3t8t-yt9b-1fce
summary Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
references
0
reference_url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger
1
reference_url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
reference_id
reference_type
scores
url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10516
reference_id
reference_type
scores
0
value 0.00314
scoring_system epss
scoring_elements 0.54554
published_at 2026-04-04T12:55:00Z
1
value 0.00314
scoring_system epss
scoring_elements 0.5453
published_at 2026-04-02T12:55:00Z
2
value 0.00314
scoring_system epss
scoring_elements 0.54455
published_at 2026-04-01T12:55:00Z
3
value 0.00411
scoring_system epss
scoring_elements 0.61409
published_at 2026-04-16T12:55:00Z
4
value 0.00411
scoring_system epss
scoring_elements 0.61321
published_at 2026-04-07T12:55:00Z
5
value 0.00411
scoring_system epss
scoring_elements 0.61368
published_at 2026-04-08T12:55:00Z
6
value 0.00411
scoring_system epss
scoring_elements 0.61384
published_at 2026-04-09T12:55:00Z
7
value 0.00411
scoring_system epss
scoring_elements 0.61405
published_at 2026-04-11T12:55:00Z
8
value 0.00411
scoring_system epss
scoring_elements 0.6139
published_at 2026-04-12T12:55:00Z
9
value 0.00411
scoring_system epss
scoring_elements 0.61371
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10516
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10516
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-h2fp-xgx6-xh6f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h2fp-xgx6-xh6f
7
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
8
reference_url https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
9
reference_url https://github.com/pallets/werkzeug/pull/1001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/pull/1001
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2017-43.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2017-43.yaml
11
reference_url https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1512102
reference_id 1512102
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1512102
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10516
reference_id CVE-2016-10516
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10516
15
reference_url https://usn.ubuntu.com/3463-1/
reference_id USN-3463-1
reference_type
scores
url https://usn.ubuntu.com/3463-1/
fixed_packages
0
url pkg:deb/debian/python-werkzeug@0.11.15%2Bdfsg1-1%2Bdeb9u1
purl pkg:deb/debian/python-werkzeug@0.11.15%2Bdfsg1-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-56e9-csba-kqa8
1
vulnerability VCID-kycs-rbvn-z3e7
2
vulnerability VCID-qjcy-54yn-qybs
3
vulnerability VCID-qn4r-71h3-sbgb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-werkzeug@0.11.15%252Bdfsg1-1%252Bdeb9u1
aliases CVE-2016-10516, GHSA-h2fp-xgx6-xh6f, PYSEC-2017-43
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3t8t-yt9b-1fce
1
url VCID-56e9-csba-kqa8
vulnerability_id VCID-56e9-csba-kqa8
summary Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14806.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14806.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14806
reference_id
reference_type
scores
0
value 0.00264
scoring_system epss
scoring_elements 0.4979
published_at 2026-04-16T12:55:00Z
1
value 0.00264
scoring_system epss
scoring_elements 0.49688
published_at 2026-04-01T12:55:00Z
2
value 0.00264
scoring_system epss
scoring_elements 0.49725
published_at 2026-04-02T12:55:00Z
3
value 0.00264
scoring_system epss
scoring_elements 0.49752
published_at 2026-04-04T12:55:00Z
4
value 0.00264
scoring_system epss
scoring_elements 0.49703
published_at 2026-04-07T12:55:00Z
5
value 0.00264
scoring_system epss
scoring_elements 0.49758
published_at 2026-04-08T12:55:00Z
6
value 0.00264
scoring_system epss
scoring_elements 0.49753
published_at 2026-04-09T12:55:00Z
7
value 0.00264
scoring_system epss
scoring_elements 0.49771
published_at 2026-04-11T12:55:00Z
8
value 0.00264
scoring_system epss
scoring_elements 0.49743
published_at 2026-04-12T12:55:00Z
9
value 0.00264
scoring_system epss
scoring_elements 0.49744
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14806
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-gq9m-qvpx-68hc
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq9m-qvpx-68hc
7
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
8
reference_url https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
9
reference_url https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14806
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14806
12
reference_url https://palletsprojects.com/blog/werkzeug-0-15-3-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/werkzeug-0-15-3-released
13
reference_url https://palletsprojects.com/blog/werkzeug-0-15-3-released/
reference_id
reference_type
scores
url https://palletsprojects.com/blog/werkzeug-0-15-3-released/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1771359
reference_id 1771359
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1771359
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935
reference_id 940935
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935
16
reference_url https://usn.ubuntu.com/4655-1/
reference_id USN-4655-1
reference_type
scores
url https://usn.ubuntu.com/4655-1/
fixed_packages
0
url pkg:deb/debian/python-werkzeug@1.0.1%2Bdfsg1-2%2Bdeb11u1
purl pkg:deb/debian/python-werkzeug@1.0.1%2Bdfsg1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qjcy-54yn-qybs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-werkzeug@1.0.1%252Bdfsg1-2%252Bdeb11u1
aliases CVE-2019-14806, GHSA-gq9m-qvpx-68hc, PYSEC-2019-140
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56e9-csba-kqa8
2
url VCID-kycs-rbvn-z3e7
vulnerability_id VCID-kycs-rbvn-z3e7
summary Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23934
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50184
published_at 2026-04-16T12:55:00Z
1
value 0.00267
scoring_system epss
scoring_elements 0.5014
published_at 2026-04-13T12:55:00Z
2
value 0.00267
scoring_system epss
scoring_elements 0.50143
published_at 2026-04-12T12:55:00Z
3
value 0.00267
scoring_system epss
scoring_elements 0.5017
published_at 2026-04-11T12:55:00Z
4
value 0.00267
scoring_system epss
scoring_elements 0.50153
published_at 2026-04-09T12:55:00Z
5
value 0.00267
scoring_system epss
scoring_elements 0.50159
published_at 2026-04-08T12:55:00Z
6
value 0.00267
scoring_system epss
scoring_elements 0.50105
published_at 2026-04-07T12:55:00Z
7
value 0.00267
scoring_system epss
scoring_elements 0.50155
published_at 2026-04-04T12:55:00Z
8
value 0.00267
scoring_system epss
scoring_elements 0.50127
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23934
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
7
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
11
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://www.debian.org/security/2023/dsa-5470
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170243
reference_id 2170243
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170243
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23934
reference_id CVE-2023-23934
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23934
15
reference_url https://github.com/advisories/GHSA-px8h-6qxv-m22q
reference_id GHSA-px8h-6qxv-m22q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-px8h-6qxv-m22q
16
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
18
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
19
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
20
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
21
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
0
url pkg:deb/debian/python-werkzeug@1.0.1%2Bdfsg1-2%2Bdeb11u1
purl pkg:deb/debian/python-werkzeug@1.0.1%2Bdfsg1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qjcy-54yn-qybs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-werkzeug@1.0.1%252Bdfsg1-2%252Bdeb11u1
aliases CVE-2023-23934, GHSA-px8h-6qxv-m22q, PYSEC-2023-57
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kycs-rbvn-z3e7
3
url VCID-q13z-976n-gke3
vulnerability_id VCID-q13z-976n-gke3
summary Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28724.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28724.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28724
reference_id
reference_type
scores
0
value 0.00923
scoring_system epss
scoring_elements 0.76023
published_at 2026-04-16T12:55:00Z
1
value 0.00923
scoring_system epss
scoring_elements 0.75984
published_at 2026-04-13T12:55:00Z
2
value 0.00923
scoring_system epss
scoring_elements 0.7599
published_at 2026-04-12T12:55:00Z
3
value 0.00923
scoring_system epss
scoring_elements 0.75926
published_at 2026-04-01T12:55:00Z
4
value 0.00923
scoring_system epss
scoring_elements 0.76013
published_at 2026-04-11T12:55:00Z
5
value 0.00923
scoring_system epss
scoring_elements 0.75989
published_at 2026-04-09T12:55:00Z
6
value 0.00923
scoring_system epss
scoring_elements 0.75974
published_at 2026-04-08T12:55:00Z
7
value 0.00923
scoring_system epss
scoring_elements 0.75941
published_at 2026-04-07T12:55:00Z
8
value 0.00923
scoring_system epss
scoring_elements 0.75962
published_at 2026-04-04T12:55:00Z
9
value 0.00923
scoring_system epss
scoring_elements 0.7593
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28724
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28724
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-3p3h-qghp-hvh2
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3p3h-qghp-hvh2
5
reference_url https://github.com/pallets/flask/issues/1639
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/flask/issues/1639
6
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
7
reference_url https://github.com/pallets/werkzeug/issues/822
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/issues/822
8
reference_url https://github.com/pallets/werkzeug/pull/890/files
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/pull/890/files
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2020-157.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2020-157.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28724
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28724
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1899267
reference_id 1899267
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1899267
12
reference_url https://usn.ubuntu.com/4655-1/
reference_id USN-4655-1
reference_type
scores
url https://usn.ubuntu.com/4655-1/
fixed_packages
0
url pkg:deb/debian/python-werkzeug@0.11.15%2Bdfsg1-1%2Bdeb9u1
purl pkg:deb/debian/python-werkzeug@0.11.15%2Bdfsg1-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-56e9-csba-kqa8
1
vulnerability VCID-kycs-rbvn-z3e7
2
vulnerability VCID-qjcy-54yn-qybs
3
vulnerability VCID-qn4r-71h3-sbgb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-werkzeug@0.11.15%252Bdfsg1-1%252Bdeb9u1
aliases CVE-2020-28724, GHSA-3p3h-qghp-hvh2, PYSEC-2020-157
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q13z-976n-gke3
4
url VCID-qjcy-54yn-qybs
vulnerability_id VCID-qjcy-54yn-qybs
summary 
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34069.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34069.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34069
reference_id
reference_type
scores
0
value 0.38929
scoring_system epss
scoring_elements 0.97273
published_at 2026-04-16T12:55:00Z
1
value 0.38929
scoring_system epss
scoring_elements 0.97266
published_at 2026-04-13T12:55:00Z
2
value 0.38929
scoring_system epss
scoring_elements 0.97265
published_at 2026-04-12T12:55:00Z
3
value 0.38929
scoring_system epss
scoring_elements 0.97264
published_at 2026-04-11T12:55:00Z
4
value 0.38929
scoring_system epss
scoring_elements 0.97261
published_at 2026-04-09T12:55:00Z
5
value 0.38929
scoring_system epss
scoring_elements 0.9726
published_at 2026-04-08T12:55:00Z
6
value 0.38929
scoring_system epss
scoring_elements 0.97253
published_at 2026-04-07T12:55:00Z
7
value 0.38929
scoring_system epss
scoring_elements 0.97247
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34069
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34069
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34069
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
5
reference_url https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/
url https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692
6
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
7
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00026.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00026.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34069
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34069
11
reference_url https://security.netapp.com/advisory/ntap-20240614-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240614-0004
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070711
reference_id 1070711
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070711
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2279451
reference_id 2279451
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2279451
14
reference_url https://github.com/advisories/GHSA-2g68-c3qc-8985
reference_id GHSA-2g68-c3qc-8985
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2g68-c3qc-8985
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/
reference_id H4SH32AM3CTPMAAEOIDAN7VU565LO4IR
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/
reference_id HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/
17
reference_url https://security.netapp.com/advisory/ntap-20240614-0004/
reference_id ntap-20240614-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/
url https://security.netapp.com/advisory/ntap-20240614-0004/
18
reference_url https://access.redhat.com/errata/RHSA-2024:10696
reference_id RHSA-2024:10696
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10696
19
reference_url https://access.redhat.com/errata/RHSA-2024:5107
reference_id RHSA-2024:5107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5107
20
reference_url https://access.redhat.com/errata/RHSA-2024:5439
reference_id RHSA-2024:5439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5439
21
reference_url https://access.redhat.com/errata/RHSA-2024:5810
reference_id RHSA-2024:5810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5810
22
reference_url https://access.redhat.com/errata/RHSA-2024:6016
reference_id RHSA-2024:6016
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6016
23
reference_url https://access.redhat.com/errata/RHSA-2024:9975
reference_id RHSA-2024:9975
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9975
24
reference_url https://access.redhat.com/errata/RHSA-2024:9976
reference_id RHSA-2024:9976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9976
25
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
26
reference_url https://access.redhat.com/errata/RHSA-2025:9340
reference_id RHSA-2025:9340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9340
27
reference_url https://usn.ubuntu.com/6799-1/
reference_id USN-6799-1
reference_type
scores
url https://usn.ubuntu.com/6799-1/
fixed_packages
0
url pkg:deb/debian/python-werkzeug@2.2.2-3%2Bdeb12u1
purl pkg:deb/debian/python-werkzeug@2.2.2-3%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-werkzeug@2.2.2-3%252Bdeb12u1
aliases CVE-2024-34069, GHSA-2g68-c3qc-8985
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjcy-54yn-qybs
5
url VCID-qn4r-71h3-sbgb
vulnerability_id VCID-qn4r-71h3-sbgb
summary Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58642
published_at 2026-04-16T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58609
published_at 2026-04-13T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58629
published_at 2026-04-12T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-11T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58632
published_at 2026-04-09T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58625
published_at 2026-04-08T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58573
published_at 2026-04-07T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58603
published_at 2026-04-04T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.58583
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
7
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
11
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://www.debian.org/security/2023/dsa-5470
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
reference_id 2170242
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
reference_id CVE-2023-25577
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
15
reference_url https://github.com/advisories/GHSA-xg9f-g7g7-2323
reference_id GHSA-xg9f-g7g7-2323
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg9f-g7g7-2323
16
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
18
reference_url https://access.redhat.com/errata/RHSA-2023:1281
reference_id RHSA-2023:1281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1281
19
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
20
reference_url https://access.redhat.com/errata/RHSA-2023:7341
reference_id RHSA-2023:7341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7341
21
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
22
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
23
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
24
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
25
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
0
url pkg:deb/debian/python-werkzeug@1.0.1%2Bdfsg1-2%2Bdeb11u1
purl pkg:deb/debian/python-werkzeug@1.0.1%2Bdfsg1-2%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qjcy-54yn-qybs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-werkzeug@1.0.1%252Bdfsg1-2%252Bdeb11u1
aliases CVE-2023-25577, GHSA-xg9f-g7g7-2323, PYSEC-2023-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4r-71h3-sbgb
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-werkzeug@0.6.2-1