Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/python-werkzeug@2.0.1-5?arch=el9ost
Typerpm
Namespaceredhat
Namepython-werkzeug
Version2.0.1-5
Qualifiers
arch el9ost
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-kycs-rbvn-z3e7
vulnerability_id VCID-kycs-rbvn-z3e7
summary Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23934
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50158
published_at 2026-04-21T12:55:00Z
1
value 0.00267
scoring_system epss
scoring_elements 0.50185
published_at 2026-04-18T12:55:00Z
2
value 0.00267
scoring_system epss
scoring_elements 0.50184
published_at 2026-04-16T12:55:00Z
3
value 0.00267
scoring_system epss
scoring_elements 0.50155
published_at 2026-04-04T12:55:00Z
4
value 0.00267
scoring_system epss
scoring_elements 0.50105
published_at 2026-04-07T12:55:00Z
5
value 0.00267
scoring_system epss
scoring_elements 0.50159
published_at 2026-04-08T12:55:00Z
6
value 0.00267
scoring_system epss
scoring_elements 0.50127
published_at 2026-04-02T12:55:00Z
7
value 0.00267
scoring_system epss
scoring_elements 0.50153
published_at 2026-04-09T12:55:00Z
8
value 0.00267
scoring_system epss
scoring_elements 0.5014
published_at 2026-04-13T12:55:00Z
9
value 0.00267
scoring_system epss
scoring_elements 0.5017
published_at 2026-04-11T12:55:00Z
10
value 0.00267
scoring_system epss
scoring_elements 0.50143
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23934
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
7
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
11
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://www.debian.org/security/2023/dsa-5470
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170243
reference_id 2170243
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170243
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23934
reference_id CVE-2023-23934
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23934
15
reference_url https://github.com/advisories/GHSA-px8h-6qxv-m22q
reference_id GHSA-px8h-6qxv-m22q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-px8h-6qxv-m22q
16
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
18
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
19
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
20
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
21
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
aliases CVE-2023-23934, GHSA-px8h-6qxv-m22q, PYSEC-2023-57
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kycs-rbvn-z3e7
1
url VCID-qn4r-71h3-sbgb
vulnerability_id VCID-qn4r-71h3-sbgb
summary Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58624
published_at 2026-04-21T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58647
published_at 2026-04-18T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58642
published_at 2026-04-16T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58609
published_at 2026-04-13T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58629
published_at 2026-04-12T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-11T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58625
published_at 2026-04-08T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58573
published_at 2026-04-07T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.58603
published_at 2026-04-04T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58583
published_at 2026-04-02T12:55:00Z
10
value 0.00366
scoring_system epss
scoring_elements 0.58632
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
7
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
11
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://www.debian.org/security/2023/dsa-5470
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
reference_id 2170242
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
reference_id CVE-2023-25577
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
15
reference_url https://github.com/advisories/GHSA-xg9f-g7g7-2323
reference_id GHSA-xg9f-g7g7-2323
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg9f-g7g7-2323
16
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
17
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
18
reference_url https://access.redhat.com/errata/RHSA-2023:1281
reference_id RHSA-2023:1281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1281
19
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
20
reference_url https://access.redhat.com/errata/RHSA-2023:7341
reference_id RHSA-2023:7341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7341
21
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
22
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
23
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
24
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
25
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
aliases CVE-2023-25577, GHSA-xg9f-g7g7-2323, PYSEC-2023-58
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qn4r-71h3-sbgb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-werkzeug@2.0.1-5%3Farch=el9ost