CRITICAL🇵🇱 Wersja polska

CVE-2022-29361

CVSS 9.8v3.1pub. 2022-05-25upd. 2024-11-21

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Palletsprojects Werkzeug

    APP
    Palletsprojects
    ≤ 2.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-34069HIGH7.5ten sam produkt

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can al...

CVE-2023-46136HIGH8.0ten sam produkt

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on ...

CVE-2023-25577HIGH7.5ten sam produkt

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form da...

CVE-2019-14806HIGH7.5ten sam produkt

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker...

CVE-2019-14322HIGH7.5ten sam produkt

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnam...