Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/python-werkzeug@2.0.3-5?arch=el8
Typerpm
Namespaceredhat
Namepython-werkzeug
Version2.0.3-5
Qualifiers
arch el8
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-qn4r-71h3-sbgb
vulnerability_id VCID-qn4r-71h3-sbgb
summary Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58624
published_at 2026-04-21T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58647
published_at 2026-04-18T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58642
published_at 2026-04-16T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58609
published_at 2026-04-13T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58629
published_at 2026-04-12T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-11T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58625
published_at 2026-04-08T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58573
published_at 2026-04-07T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.58603
published_at 2026-04-04T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58583
published_at 2026-04-02T12:55:00Z
10
value 0.00366
scoring_system epss
scoring_elements 0.58632
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
7
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
11
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://www.debian.org/security/2023/dsa-5470
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
reference_id 2170242
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
reference_id CVE-2023-25577
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
15
reference_url https://github.com/advisories/GHSA-xg9f-g7g7-2323
reference_id GHSA-xg9f-g7g7-2323
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg9f-g7g7-2323
16
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
18
reference_url https://access.redhat.com/errata/RHSA-2023:1281
reference_id RHSA-2023:1281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1281
19
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
20
reference_url https://access.redhat.com/errata/RHSA-2023:7341
reference_id RHSA-2023:7341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7341
21
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
22
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
23
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
24
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
25
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
aliases CVE-2023-25577, GHSA-xg9f-g7g7-2323, PYSEC-2023-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4r-71h3-sbgb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-werkzeug@2.0.3-5%3Farch=el8