Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/werkzeug@0.9.3
Typepypi
Namespace
Namewerkzeug
Version0.9.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.8
Latest_non_vulnerable_version3.1.6
Affected_by_vulnerabilities
0
url VCID-4fuv-yjt6-43ap
vulnerability_id VCID-4fuv-yjt6-43ap
summary Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23934
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50309
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23934
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
4
reference_url https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
5
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
6
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml
8
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
9
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://www.debian.org/security/2023/dsa-5470
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170243
reference_id 2170243
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170243
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23934
reference_id CVE-2023-23934
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23934
13
reference_url https://github.com/advisories/GHSA-px8h-6qxv-m22q
reference_id GHSA-px8h-6qxv-m22q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-px8h-6qxv-m22q
14
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 2.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
15
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
16
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
17
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
18
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
19
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
0
url pkg:pypi/werkzeug@2.2.3
purl pkg:pypi/werkzeug@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q2zh-uejx-pkax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.2.3
aliases CVE-2023-23934, GHSA-px8h-6qxv-m22q, PYSEC-2023-57
risk_score 1.1
exploitability 0.5
weighted_severity 2.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fuv-yjt6-43ap
1
url VCID-54fk-29p6-2ber
vulnerability_id VCID-54fk-29p6-2ber
summary Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
2
reference_url https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
reference_id
reference_type
scores
url https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
3
reference_url https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
reference_id
reference_type
scores
url https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
4
reference_url https://palletsprojects.com/blog/werkzeug-0-15-3-released/
reference_id
reference_type
scores
url https://palletsprojects.com/blog/werkzeug-0-15-3-released/
fixed_packages
0
url pkg:pypi/werkzeug@0.15.3
purl pkg:pypi/werkzeug@0.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fuv-yjt6-43ap
1
vulnerability VCID-6xzm-mpqk-wuab
2
vulnerability VCID-7c89-xxdz-gqbz
3
vulnerability VCID-msnt-5ypc-z3bc
4
vulnerability VCID-q2zh-uejx-pkax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.15.3
aliases PYSEC-2019-70
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54fk-29p6-2ber
2
url VCID-6xzm-mpqk-wuab
vulnerability_id VCID-6xzm-mpqk-wuab
summary ** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29361
reference_id
reference_type
scores
0
value 0.31113
scoring_system epss
scoring_elements 0.96832
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29361
1
reference_url https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85
reference_id
reference_type
scores
url https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85
2
reference_url https://github.com/pallets/werkzeug/issues/2420
reference_id
reference_type
scores
url https://github.com/pallets/werkzeug/issues/2420
fixed_packages
0
url pkg:pypi/werkzeug@2.1.1
purl pkg:pypi/werkzeug@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fuv-yjt6-43ap
1
vulnerability VCID-msnt-5ypc-z3bc
2
vulnerability VCID-q2zh-uejx-pkax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.1.1
aliases CVE-2022-29361, PYSEC-2022-203
risk_score 0.1
exploitability 0.5
weighted_severity 0.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xzm-mpqk-wuab
3
url VCID-7c89-xxdz-gqbz
vulnerability_id VCID-7c89-xxdz-gqbz
summary
references
0
reference_url http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14322
reference_id
reference_type
scores
0
value 0.90059
scoring_system epss
scoring_elements 0.99601
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14322
2
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
3
reference_url https://palletsprojects.com/blog/werkzeug-0-15-5-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/werkzeug-0-15-5-released
4
reference_url https://palletsprojects.com/blog/werkzeug-0-15-5-released/
reference_id
reference_type
scores
url https://palletsprojects.com/blog/werkzeug-0-15-5-released/
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/50101.py
reference_id CVE-2019-14322
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/50101.py
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14322
reference_id CVE-2019-14322
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14322
fixed_packages
0
url pkg:pypi/werkzeug@0.15.5
purl pkg:pypi/werkzeug@0.15.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fuv-yjt6-43ap
1
vulnerability VCID-6xzm-mpqk-wuab
2
vulnerability VCID-msnt-5ypc-z3bc
3
vulnerability VCID-q2zh-uejx-pkax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.15.5
aliases CVE-2019-14322, GHSA-j544-7q9p-6xp8
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c89-xxdz-gqbz
4
url VCID-ahr6-vfgq-kbe4
vulnerability_id VCID-ahr6-vfgq-kbe4
summary Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14806
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49422
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14806
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-gq9m-qvpx-68hc
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq9m-qvpx-68hc
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
7
reference_url https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yaml
9
reference_url https://palletsprojects.com/blog/werkzeug-0-15-3-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://palletsprojects.com/blog/werkzeug-0-15-3-released
10
reference_url https://palletsprojects.com/blog/werkzeug-0-15-3-released/
reference_id
reference_type
scores
url https://palletsprojects.com/blog/werkzeug-0-15-3-released/
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935
reference_id 940935
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14806
reference_id CVE-2019-14806
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14806
13
reference_url https://usn.ubuntu.com/4655-1/
reference_id USN-4655-1
reference_type
scores
url https://usn.ubuntu.com/4655-1/
fixed_packages
0
url pkg:pypi/werkzeug@0.15.3
purl pkg:pypi/werkzeug@0.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fuv-yjt6-43ap
1
vulnerability VCID-6xzm-mpqk-wuab
2
vulnerability VCID-7c89-xxdz-gqbz
3
vulnerability VCID-msnt-5ypc-z3bc
4
vulnerability VCID-q2zh-uejx-pkax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.15.3
aliases CVE-2019-14806, GHSA-gq9m-qvpx-68hc, PYSEC-2019-140
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahr6-vfgq-kbe4
5
url VCID-gst3-jbgb-9fba
vulnerability_id VCID-gst3-jbgb-9fba
summary Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28724
reference_id
reference_type
scores
0
value 0.00923
scoring_system epss
scoring_elements 0.76334
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28724
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/advisories/GHSA-3p3h-qghp-hvh2
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3p3h-qghp-hvh2
3
reference_url https://github.com/pallets/flask/issues/1639
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/flask/issues/1639
4
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
5
reference_url https://github.com/pallets/werkzeug/issues/822
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/issues/822
6
reference_url https://github.com/pallets/werkzeug/pull/890/files
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/pull/890/files
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2020-157.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2020-157.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28724
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28724
9
reference_url https://usn.ubuntu.com/4655-1/
reference_id USN-4655-1
reference_type
scores
url https://usn.ubuntu.com/4655-1/
fixed_packages
0
url pkg:pypi/werkzeug@0.11.6
purl pkg:pypi/werkzeug@0.11.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fuv-yjt6-43ap
1
vulnerability VCID-54fk-29p6-2ber
2
vulnerability VCID-6xzm-mpqk-wuab
3
vulnerability VCID-7c89-xxdz-gqbz
4
vulnerability VCID-ahr6-vfgq-kbe4
5
vulnerability VCID-msnt-5ypc-z3bc
6
vulnerability VCID-q2zh-uejx-pkax
7
vulnerability VCID-z9pv-rffa-yfed
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.11.6
aliases CVE-2020-28724, GHSA-3p3h-qghp-hvh2, PYSEC-2020-157
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gst3-jbgb-9fba
6
url VCID-msnt-5ypc-z3bc
vulnerability_id VCID-msnt-5ypc-z3bc
summary Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58873
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25577
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
4
reference_url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
5
reference_url https://github.com/pallets/werkzeug/releases/tag/2.2.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/releases/tag/2.2.3
6
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml
8
reference_url https://security.netapp.com/advisory/ntap-20230818-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0003
9
reference_url https://www.debian.org/security/2023/dsa-5470
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://www.debian.org/security/2023/dsa-5470
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id 1031370
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
reference_id 2170242
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2170242
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
reference_id CVE-2023-25577
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25577
13
reference_url https://github.com/advisories/GHSA-xg9f-g7g7-2323
reference_id GHSA-xg9f-g7g7-2323
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg9f-g7g7-2323
14
reference_url https://security.netapp.com/advisory/ntap-20230818-0003/
reference_id ntap-20230818-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/
url https://security.netapp.com/advisory/ntap-20230818-0003/
15
reference_url https://access.redhat.com/errata/RHSA-2023:1018
reference_id RHSA-2023:1018
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1018
16
reference_url https://access.redhat.com/errata/RHSA-2023:1281
reference_id RHSA-2023:1281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1281
17
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
18
reference_url https://access.redhat.com/errata/RHSA-2023:7341
reference_id RHSA-2023:7341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7341
19
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
20
reference_url https://access.redhat.com/errata/RHSA-2025:4664
reference_id RHSA-2025:4664
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4664
21
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
22
reference_url https://usn.ubuntu.com/5948-1/
reference_id USN-5948-1
reference_type
scores
url https://usn.ubuntu.com/5948-1/
23
reference_url https://usn.ubuntu.com/5948-2/
reference_id USN-5948-2
reference_type
scores
url https://usn.ubuntu.com/5948-2/
fixed_packages
0
url pkg:pypi/werkzeug@2.2.3
purl pkg:pypi/werkzeug@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q2zh-uejx-pkax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.2.3
aliases CVE-2023-25577, GHSA-xg9f-g7g7-2323, PYSEC-2023-58
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msnt-5ypc-z3bc
7
url VCID-q2zh-uejx-pkax
vulnerability_id VCID-q2zh-uejx-pkax
summary Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46136.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46136.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46136
reference_id
reference_type
scores
0
value 0.00878
scoring_system epss
scoring_elements 0.75641
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46136
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
4
reference_url https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
5
reference_url https://github.com/pallets/werkzeug/commit/cbb446fdcada7685fce936ded01b76c08dbd6eb5
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/cbb446fdcada7685fce936ded01b76c08dbd6eb5
6
reference_url https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9
7
reference_url https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
8
reference_url https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml
10
reference_url https://security.netapp.com/advisory/ntap-20231124-0008
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231124-0008
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054553
reference_id 1054553
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054553
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246310
reference_id 2246310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246310
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46136
reference_id CVE-2023-46136
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46136
14
reference_url https://github.com/advisories/GHSA-hrfv-mqp8-q5rw
reference_id GHSA-hrfv-mqp8-q5rw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hrfv-mqp8-q5rw
15
reference_url https://access.redhat.com/errata/RHSA-2023:7473
reference_id RHSA-2023:7473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7473
16
reference_url https://access.redhat.com/errata/RHSA-2023:7477
reference_id RHSA-2023:7477
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7477
17
reference_url https://access.redhat.com/errata/RHSA-2023:7610
reference_id RHSA-2023:7610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7610
18
reference_url https://access.redhat.com/errata/RHSA-2024:0189
reference_id RHSA-2024:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0189
19
reference_url https://access.redhat.com/errata/RHSA-2024:0214
reference_id RHSA-2024:0214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0214
20
reference_url https://access.redhat.com/errata/RHSA-2025:9775
reference_id RHSA-2025:9775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9775
fixed_packages
0
url pkg:pypi/werkzeug@2.3.8
purl pkg:pypi/werkzeug@2.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.3.8
1
url pkg:pypi/werkzeug@3.0.1
purl pkg:pypi/werkzeug@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@3.0.1
aliases CVE-2023-46136, GHSA-hrfv-mqp8-q5rw, PYSEC-2023-221
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2zh-uejx-pkax
8
url VCID-z9pv-rffa-yfed
vulnerability_id VCID-z9pv-rffa-yfed
summary Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
references
0
reference_url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger
1
reference_url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
reference_id
reference_type
scores
url http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10516
reference_id
reference_type
scores
0
value 0.00411
scoring_system epss
scoring_elements 0.61647
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10516
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-h2fp-xgx6-xh6f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h2fp-xgx6-xh6f
5
reference_url https://github.com/pallets/werkzeug
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug
6
reference_url https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
7
reference_url https://github.com/pallets/werkzeug/pull/1001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pallets/werkzeug/pull/1001
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2017-43.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2017-43.yaml
9
reference_url https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10516
reference_id CVE-2016-10516
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10516
11
reference_url https://usn.ubuntu.com/3463-1/
reference_id USN-3463-1
reference_type
scores
url https://usn.ubuntu.com/3463-1/
fixed_packages
0
url pkg:pypi/werkzeug@0.11.11
purl pkg:pypi/werkzeug@0.11.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fuv-yjt6-43ap
1
vulnerability VCID-54fk-29p6-2ber
2
vulnerability VCID-6xzm-mpqk-wuab
3
vulnerability VCID-7c89-xxdz-gqbz
4
vulnerability VCID-ahr6-vfgq-kbe4
5
vulnerability VCID-msnt-5ypc-z3bc
6
vulnerability VCID-q2zh-uejx-pkax
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.11.11
aliases CVE-2016-10516, GHSA-h2fp-xgx6-xh6f, PYSEC-2017-43
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9pv-rffa-yfed
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.9.3