[Snyk: Medium] werkzeug Allocation of Resources Without Limits or Throttling (Due 12/30/24) #6037
Labels
Security: moderate
Remediate within 60 days
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Introduced through
[email protected], [email protected] and others
Fixed in
[email protected]
Exploit maturity
No known exploit
Detailed paths and remediation
Introduced through: root@* › [email protected]
Fix: Upgrade werkzeug to version 3.0.6
Introduced through: root@* › [email protected] › [email protected]
Fix: Pin werkzeug to version 3.0.6
Introduced through: root@* › [email protected] › [email protected] › [email protected]
Fix: Pin werkzeug to version 3.0.6
…and 3 more
Security information
Factors contributing to the scoring:
Snyk: CVSS v4.0 6.9 - Medium Severity | CVSS v3.1 5.3 - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in formparser.MultiPartParser(). An attacker can cause the parser to consume more memory than the upload size, in excess of max_form_memory_size, by sending malicious data in a non-file field of a multipart/form-data request.
Completion Criteria
The text was updated successfully, but these errors were encountered: