Look up vulnerable packages by Package URL (purl).

purl: pkg:pypi/werkzeug@2.3.6
type: pypi
namespace:
name: werkzeug
version: 2.3.6
qualifiers:
subpath:
is_vulnerable: true
next_non_vulnerable_version: 2.3.8
latest_non_vulnerable_version: 3.1.6

affected_by_vulnerabilities:
  [0]
    url: VCID-534z-9duh-c7ck
    vulnerability_id: VCID-534z-9duh-c7ck
    summary: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
    references:
      [0]
        reference_url: https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
        reference_id:
        reference_type:
        scores:
        url: https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
      [1]
        reference_url: https://github.com/pallets/werkzeug/commit/cbb446fdcada7685fce936ded01b76c08dbd6eb5
        reference_id:
        reference_type:
        scores:
        url: https://github.com/pallets/werkzeug/commit/cbb446fdcada7685fce936ded01b76c08dbd6eb5
      [2]
        reference_url: https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9
        reference_id:
        reference_type:
        scores:
        url: https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9
      [3]
        reference_url: https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
        reference_id:
        reference_type:
        scores:
          [0]
            value: 7.5
            scoring_system: cvssv3.1
            scoring_elements: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
        url: https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
      [4]
        reference_url: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
        reference_id:
        reference_type:
        scores:
          [0]
            value: 7.5
            scoring_system: cvssv3.1
            scoring_elements: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
        url: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
      [5]
        reference_url: https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml
        reference_id:
        reference_type:
        scores:
        url: https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml
      [6]
        reference_url: https://security.netapp.com/advisory/ntap-20231124-0008
        reference_id:
        reference_type:
        scores:
        url: https://security.netapp.com/advisory/ntap-20231124-0008
      [7]
        reference_url: https://nvd.nist.gov/vuln/detail/CVE-2023-46136
        reference_id: CVE-2023-46136
        reference_type:
        scores:
        url: https://nvd.nist.gov/vuln/detail/CVE-2023-46136
      [8]
        reference_url: https://github.com/advisories/GHSA-hrfv-mqp8-q5rw
        reference_id: GHSA-hrfv-mqp8-q5rw
        reference_type:
        scores:
        url: https://github.com/advisories/GHSA-hrfv-mqp8-q5rw
    fixed_packages:
      [0]
        url: pkg:pypi/werkzeug@2.3.8
        purl: pkg:pypi/werkzeug@2.3.8
        is_vulnerable: false
        affected_by_vulnerabilities:
        resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.3.8
      [1]
        url: pkg:pypi/werkzeug@3.0.1
        purl: pkg:pypi/werkzeug@3.0.1
        is_vulnerable: false
        affected_by_vulnerabilities:
        resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@3.0.1
    aliases: CVE-2023-46136, GHSA-hrfv-mqp8-q5rw, PYSEC-2023-221
    risk_score: null
    exploitability: null
    weighted_severity: null
    resource_url: http://public2.vulnerablecode.io/vulnerabilities/VCID-534z-9duh-c7ck

fixing_vulnerabilities:
risk_score: null
resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.3.6