Question regarding CVE-2022-29361 #2420
Comments
|
This cve is invalid, if you're running the dev server in production you have bigger security issues. The dev server is never intended to be run in production. The cve is also misattributed, it is about Python's http.server. That said, upgrade Werkzeug |
|
Thank you for your reply. If this is invalid could you please dispute the CVE at mitre? |
|
From past experience, disputing is not worth my time. I don't put much faith in the CVE system now, as it is too easy for anyone to open issues without being involved or understanding them, and the dispute process went nowhere last time I tried. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I have a question regarding the HTTP request smuggling vulnerability CVE-2022-29361 in werkzeug.
The resources provided at mitre seem not to be pointing to a fix. I tried to find a fix but was unsuccessful.
Would it be possible for you to link to a fixing commit or provide a security advisory here? Thanks a lot!
The text was updated successfully, but these errors were encountered: