Vulnerability-Lookup

Vulnerability from cleanstart

Published

2026-06-08 12:29

Modified

2026-06-07 16:45

Summary

Security fixes for CVE-2023-46136, CVE-2024-12797, CVE-2024-34069, CVE-2024-49766, CVE-2024-49767, CVE-2025-62727, CVE-2025-66221, CVE-2026-0994, CVE-2026-21860, CVE-2026-22815, CVE-2026-25645, CVE-2026-26007, CVE-2026-27199, CVE-2026-27205, CVE-2026-27448, CVE-2026-27459, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-34073, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-35536, CVE-2026-40217, CVE-2026-40347, CVE-2026-41016, CVE-2026-41018, CVE-2026-41066, CVE-2026-42561, CVE-2026-44307, CVE-2026-44405, CVE-2026-44431, CVE-2026-44432, CVE-2026-44681, CVE-2026-45309, CVE-2026-4539, CVE-2026-45409, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526, CVE-2026-48710, CVE-2026-8328, CVE-2026-8838, ghsa-29h4-r29x-hchv, ghsa-29vq-49wr-vm6x, ghsa-2g68-c3qc-8985, ghsa-2vrm-gr82-f7m5, ghsa-3wq7-rqq7-wx6j, ghsa-5239-wwwm-4pmq, ghsa-53mr-6c8q-9789, ghsa-63hf-3vf5-4wqf, ghsa-68rp-wp8r-4726, ghsa-752w-5fwx-jx9f, ghsa-78cv-mqj4-43f7, ghsa-79v4-65xg-pq4g, ghsa-7f5h-v6xp-fcq8, ghsa-7gcm-g887-7qv7, ghsa-87hc-h4r5-73f7, ghsa-966j-vmvw-g2g9, ghsa-c427-h43c-vf67, ghsa-f9vj-2wh5-fj8j, ghsa-fqwm-6jpj-5wxc, ghsa-gc5v-m9x4-r6x2, ghsa-h4gh-qq45-vh27, ghsa-hcc4-c3v8-rx92, ghsa-hg6j-4rv6-33pg, ghsa-hgf8-39gv-g3f2, ghsa-hrfv-mqp8-q5rw, ghsa-jj8c-mmj3-mmgv, ghsa-jjhc-v7c2-5hh6, ghsa-jr27-m4p2-rc6r, ghsa-m5qp-6w8w-w647, ghsa-m959-cc7f-wv43, ghsa-mj87-hwqh-73pj, ghsa-mwh4-6h8g-pg8w, ghsa-p998-jp59-783m, ghsa-q34m-jh98-gwm2, ghsa-qjxf-f2mg-c6mc, ghsa-r6ph-v2qm-q3c2, ghsa-v92g-xgxw-vvmm, ghsa-vfmq-68hx-4jfw, ghsa-w2fm-2cpv-w7v5, ghsa-xqmj-j6mv-4862 applied in versions: 3.2.0-r0, 3.2.0-r1, 3.2.1-r2, 3.2.1-r3

Details

Multiple security vulnerabilities affect the airflow-3 package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2023-46136	WEB
	https://osv.dev/vulnerability/CVE-2024-12797	WEB
	https://osv.dev/vulnerability/CVE-2024-34069	WEB
	https://osv.dev/vulnerability/CVE-2024-49766	WEB
	https://osv.dev/vulnerability/CVE-2024-49767	WEB
	https://osv.dev/vulnerability/CVE-2025-62727	WEB
	https://osv.dev/vulnerability/CVE-2025-66221	WEB
	https://osv.dev/vulnerability/CVE-2026-0994	WEB
	https://osv.dev/vulnerability/CVE-2026-21860	WEB
	https://osv.dev/vulnerability/CVE-2026-22815	WEB
	https://osv.dev/vulnerability/CVE-2026-25645	WEB
	https://osv.dev/vulnerability/CVE-2026-26007	WEB
	https://osv.dev/vulnerability/CVE-2026-27199	WEB
	https://osv.dev/vulnerability/CVE-2026-27205	WEB
	https://osv.dev/vulnerability/CVE-2026-27448	WEB
	https://osv.dev/vulnerability/CVE-2026-27459	WEB
	https://osv.dev/vulnerability/CVE-2026-30922	WEB
	https://osv.dev/vulnerability/CVE-2026-31958	WEB
	https://osv.dev/vulnerability/CVE-2026-32597	WEB
	https://osv.dev/vulnerability/CVE-2026-34073	WEB
	https://osv.dev/vulnerability/CVE-2026-34513	WEB
	https://osv.dev/vulnerability/CVE-2026-34514	WEB
	https://osv.dev/vulnerability/CVE-2026-34515	WEB
	https://osv.dev/vulnerability/CVE-2026-34516	WEB
	https://osv.dev/vulnerability/CVE-2026-34517	WEB
	https://osv.dev/vulnerability/CVE-2026-34518	WEB
	https://osv.dev/vulnerability/CVE-2026-34519	WEB
	https://osv.dev/vulnerability/CVE-2026-34520	WEB
	https://osv.dev/vulnerability/CVE-2026-34525	WEB
	https://osv.dev/vulnerability/CVE-2026-35536	WEB
	https://osv.dev/vulnerability/CVE-2026-40217	WEB
	https://osv.dev/vulnerability/CVE-2026-40347	WEB
	https://osv.dev/vulnerability/CVE-2026-41016	WEB
	https://osv.dev/vulnerability/CVE-2026-41018	WEB
	https://osv.dev/vulnerability/CVE-2026-41066	WEB
	https://osv.dev/vulnerability/CVE-2026-42561	WEB
	https://osv.dev/vulnerability/CVE-2026-44307	WEB
	https://osv.dev/vulnerability/CVE-2026-44405	WEB
	https://osv.dev/vulnerability/CVE-2026-44431	WEB
	https://osv.dev/vulnerability/CVE-2026-44432	WEB
	https://osv.dev/vulnerability/CVE-2026-44681	WEB
	https://osv.dev/vulnerability/CVE-2026-45309	WEB
	https://osv.dev/vulnerability/CVE-2026-4539	WEB
	https://osv.dev/vulnerability/CVE-2026-45409	WEB
	https://osv.dev/vulnerability/CVE-2026-48522	WEB
	https://osv.dev/vulnerability/CVE-2026-48523	WEB
	https://osv.dev/vulnerability/CVE-2026-48524	WEB
	https://osv.dev/vulnerability/CVE-2026-48525	WEB
	https://osv.dev/vulnerability/CVE-2026-48526	WEB
	https://osv.dev/vulnerability/CVE-2026-48710	WEB
	https://osv.dev/vulnerability/CVE-2026-8328	WEB
	https://osv.dev/vulnerability/CVE-2026-8838	WEB
	https://osv.dev/vulnerability/ghsa-29h4-r29x-hchv	WEB
	https://osv.dev/vulnerability/ghsa-29vq-49wr-vm6x	WEB
	https://osv.dev/vulnerability/ghsa-2g68-c3qc-8985	WEB
	https://osv.dev/vulnerability/ghsa-2vrm-gr82-f7m5	WEB
	https://osv.dev/vulnerability/ghsa-3wq7-rqq7-wx6j	WEB
	https://osv.dev/vulnerability/ghsa-5239-wwwm-4pmq	WEB
	https://osv.dev/vulnerability/ghsa-53mr-6c8q-9789	WEB
	https://osv.dev/vulnerability/ghsa-63hf-3vf5-4wqf	WEB
	https://osv.dev/vulnerability/ghsa-68rp-wp8r-4726	WEB
	https://osv.dev/vulnerability/ghsa-752w-5fwx-jx9f	WEB
	https://osv.dev/vulnerability/ghsa-78cv-mqj4-43f7	WEB
	https://osv.dev/vulnerability/ghsa-79v4-65xg-pq4g	WEB
	https://osv.dev/vulnerability/ghsa-7f5h-v6xp-fcq8	WEB
	https://osv.dev/vulnerability/ghsa-7gcm-g887-7qv7	WEB
	https://osv.dev/vulnerability/ghsa-87hc-h4r5-73f7	WEB
	https://osv.dev/vulnerability/ghsa-966j-vmvw-g2g9	WEB
	https://osv.dev/vulnerability/ghsa-c427-h43c-vf67	WEB
	https://osv.dev/vulnerability/ghsa-f9vj-2wh5-fj8j	WEB
	https://osv.dev/vulnerability/ghsa-fqwm-6jpj-5wxc	WEB
	https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2	WEB
	https://osv.dev/vulnerability/ghsa-h4gh-qq45-vh27	WEB
	https://osv.dev/vulnerability/ghsa-hcc4-c3v8-rx92	WEB
	https://osv.dev/vulnerability/ghsa-hg6j-4rv6-33pg	WEB
	https://osv.dev/vulnerability/ghsa-hgf8-39gv-g3f2	WEB
	https://osv.dev/vulnerability/ghsa-hrfv-mqp8-q5rw	WEB
	https://osv.dev/vulnerability/ghsa-jj8c-mmj3-mmgv	WEB
	https://osv.dev/vulnerability/ghsa-jjhc-v7c2-5hh6	WEB
	https://osv.dev/vulnerability/ghsa-jr27-m4p2-rc6r	WEB
	https://osv.dev/vulnerability/ghsa-m5qp-6w8w-w647	WEB
	https://osv.dev/vulnerability/ghsa-m959-cc7f-wv43	WEB
	https://osv.dev/vulnerability/ghsa-mj87-hwqh-73pj	WEB
	https://osv.dev/vulnerability/ghsa-mwh4-6h8g-pg8w	WEB
	https://osv.dev/vulnerability/ghsa-p998-jp59-783m	WEB
	https://osv.dev/vulnerability/ghsa-q34m-jh98-gwm2	WEB
	https://osv.dev/vulnerability/ghsa-qjxf-f2mg-c6mc	WEB
	https://osv.dev/vulnerability/ghsa-r6ph-v2qm-q3c2	WEB
	https://osv.dev/vulnerability/ghsa-v92g-xgxw-vvmm	WEB
	https://osv.dev/vulnerability/ghsa-vfmq-68hx-4jfw	WEB
	https://osv.dev/vulnerability/ghsa-w2fm-2cpv-w7v5	WEB
	https://osv.dev/vulnerability/ghsa-xqmj-j6mv-4862	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-46136	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12797	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-34069	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-49766	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-49767	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62727	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-66221	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-0994	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-21860	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-22815	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25645	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-26007	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27199	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27205	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27448	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27459	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-30922	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-31958	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32597	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34073	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34513	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34514	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34515	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34516	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34517	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34518	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34519	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34520	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34525	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-35536	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-40217	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-40347	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-41016	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-41018	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-41066	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42561	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44307	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44405	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44431	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44432	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44681	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-45309	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-4539	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-45409	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-48522	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-48523	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-48524	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-48525	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-48526	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-48710	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-8328	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-8838	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "airflow-3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.1-r3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the airflow-3 package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-AZ09261",
  "modified": "2026-06-07T16:45:03Z",
  "published": "2026-06-08T12:29:23.792179Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AZ09261.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-46136"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12797"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-34069"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-49766"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-49767"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62727"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-66221"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-0994"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-21860"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-22815"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25645"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-26007"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27199"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27205"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27448"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27459"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-30922"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-31958"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32597"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34073"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34513"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34514"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34515"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34516"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34517"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34518"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34519"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34520"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34525"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-35536"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-40217"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-40347"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-41016"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-41018"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-41066"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42561"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44307"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44405"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44431"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44432"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44681"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-45309"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-4539"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-45409"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-48522"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-48523"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-48524"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-48525"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-48526"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-48710"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-8328"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-8838"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-29h4-r29x-hchv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-29vq-49wr-vm6x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2g68-c3qc-8985"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2vrm-gr82-f7m5"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3wq7-rqq7-wx6j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-5239-wwwm-4pmq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-53mr-6c8q-9789"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-63hf-3vf5-4wqf"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-68rp-wp8r-4726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-752w-5fwx-jx9f"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-78cv-mqj4-43f7"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-79v4-65xg-pq4g"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-7f5h-v6xp-fcq8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-7gcm-g887-7qv7"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-87hc-h4r5-73f7"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-966j-vmvw-g2g9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c427-h43c-vf67"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f9vj-2wh5-fj8j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fqwm-6jpj-5wxc"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h4gh-qq45-vh27"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hcc4-c3v8-rx92"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hg6j-4rv6-33pg"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hgf8-39gv-g3f2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hrfv-mqp8-q5rw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jj8c-mmj3-mmgv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jjhc-v7c2-5hh6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jr27-m4p2-rc6r"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-m5qp-6w8w-w647"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-m959-cc7f-wv43"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mj87-hwqh-73pj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mwh4-6h8g-pg8w"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p998-jp59-783m"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-q34m-jh98-gwm2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qjxf-f2mg-c6mc"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-r6ph-v2qm-q3c2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-v92g-xgxw-vvmm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-vfmq-68hx-4jfw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w2fm-2cpv-w7v5"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xqmj-j6mv-4862"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46136"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12797"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49766"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49767"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66221"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0994"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21860"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22815"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25645"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27199"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27205"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27448"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31958"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34073"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34513"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34514"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34515"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34516"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34517"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34518"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34519"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34520"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34525"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35536"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40217"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40347"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41016"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41018"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41066"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42561"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44307"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44405"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44681"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45309"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4539"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45409"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48522"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48523"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48524"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48525"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48710"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8328"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8838"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2023-46136, CVE-2024-12797, CVE-2024-34069, CVE-2024-49766, CVE-2024-49767, CVE-2025-62727, CVE-2025-66221, CVE-2026-0994, CVE-2026-21860, CVE-2026-22815, CVE-2026-25645, CVE-2026-26007, CVE-2026-27199, CVE-2026-27205, CVE-2026-27448, CVE-2026-27459, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-34073, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-35536, CVE-2026-40217, CVE-2026-40347, CVE-2026-41016, CVE-2026-41018, CVE-2026-41066, CVE-2026-42561, CVE-2026-44307, CVE-2026-44405, CVE-2026-44431, CVE-2026-44432, CVE-2026-44681, CVE-2026-45309, CVE-2026-4539, CVE-2026-45409, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526, CVE-2026-48710, CVE-2026-8328, CVE-2026-8838, ghsa-29h4-r29x-hchv, ghsa-29vq-49wr-vm6x, ghsa-2g68-c3qc-8985, ghsa-2vrm-gr82-f7m5, ghsa-3wq7-rqq7-wx6j, ghsa-5239-wwwm-4pmq, ghsa-53mr-6c8q-9789, ghsa-63hf-3vf5-4wqf, ghsa-68rp-wp8r-4726, ghsa-752w-5fwx-jx9f, ghsa-78cv-mqj4-43f7, ghsa-79v4-65xg-pq4g, ghsa-7f5h-v6xp-fcq8, ghsa-7gcm-g887-7qv7, ghsa-87hc-h4r5-73f7, ghsa-966j-vmvw-g2g9, ghsa-c427-h43c-vf67, ghsa-f9vj-2wh5-fj8j, ghsa-fqwm-6jpj-5wxc, ghsa-gc5v-m9x4-r6x2, ghsa-h4gh-qq45-vh27, ghsa-hcc4-c3v8-rx92, ghsa-hg6j-4rv6-33pg, ghsa-hgf8-39gv-g3f2, ghsa-hrfv-mqp8-q5rw, ghsa-jj8c-mmj3-mmgv, ghsa-jjhc-v7c2-5hh6, ghsa-jr27-m4p2-rc6r, ghsa-m5qp-6w8w-w647, ghsa-m959-cc7f-wv43, ghsa-mj87-hwqh-73pj, ghsa-mwh4-6h8g-pg8w, ghsa-p998-jp59-783m, ghsa-q34m-jh98-gwm2, ghsa-qjxf-f2mg-c6mc, ghsa-r6ph-v2qm-q3c2, ghsa-v92g-xgxw-vvmm, ghsa-vfmq-68hx-4jfw, ghsa-w2fm-2cpv-w7v5, ghsa-xqmj-j6mv-4862 applied in versions: 3.2.0-r0, 3.2.0-r1, 3.2.1-r2, 3.2.1-r3",
  "upstream": [
    "CVE-2023-46136",
    "CVE-2024-12797",
    "CVE-2024-34069",
    "CVE-2024-49766",
    "CVE-2024-49767",
    "CVE-2025-62727",
    "CVE-2025-66221",
    "CVE-2026-0994",
    "CVE-2026-21860",
    "CVE-2026-22815",
    "CVE-2026-25645",
    "CVE-2026-26007",
    "CVE-2026-27199",
    "CVE-2026-27205",
    "CVE-2026-27448",
    "CVE-2026-27459",
    "CVE-2026-30922",
    "CVE-2026-31958",
    "CVE-2026-32597",
    "CVE-2026-34073",
    "CVE-2026-34513",
    "CVE-2026-34514",
    "CVE-2026-34515",
    "CVE-2026-34516",
    "CVE-2026-34517",
    "CVE-2026-34518",
    "CVE-2026-34519",
    "CVE-2026-34520",
    "CVE-2026-34525",
    "CVE-2026-35536",
    "CVE-2026-40217",
    "CVE-2026-40347",
    "CVE-2026-41016",
    "CVE-2026-41018",
    "CVE-2026-41066",
    "CVE-2026-42561",
    "CVE-2026-44307",
    "CVE-2026-44405",
    "CVE-2026-44431",
    "CVE-2026-44432",
    "CVE-2026-44681",
    "CVE-2026-45309",
    "CVE-2026-4539",
    "CVE-2026-45409",
    "CVE-2026-48522",
    "CVE-2026-48523",
    "CVE-2026-48524",
    "CVE-2026-48525",
    "CVE-2026-48526",
    "CVE-2026-48710",
    "CVE-2026-8328",
    "CVE-2026-8838",
    "ghsa-29h4-r29x-hchv",
    "ghsa-29vq-49wr-vm6x",
    "ghsa-2g68-c3qc-8985",
    "ghsa-2vrm-gr82-f7m5",
    "ghsa-3wq7-rqq7-wx6j",
    "ghsa-5239-wwwm-4pmq",
    "ghsa-53mr-6c8q-9789",
    "ghsa-63hf-3vf5-4wqf",
    "ghsa-68rp-wp8r-4726",
    "ghsa-752w-5fwx-jx9f",
    "ghsa-78cv-mqj4-43f7",
    "ghsa-79v4-65xg-pq4g",
    "ghsa-7f5h-v6xp-fcq8",
    "ghsa-7gcm-g887-7qv7",
    "ghsa-87hc-h4r5-73f7",
    "ghsa-966j-vmvw-g2g9",
    "ghsa-c427-h43c-vf67",
    "ghsa-f9vj-2wh5-fj8j",
    "ghsa-fqwm-6jpj-5wxc",
    "ghsa-gc5v-m9x4-r6x2",
    "ghsa-h4gh-qq45-vh27",
    "ghsa-hcc4-c3v8-rx92",
    "ghsa-hg6j-4rv6-33pg",
    "ghsa-hgf8-39gv-g3f2",
    "ghsa-hrfv-mqp8-q5rw",
    "ghsa-jj8c-mmj3-mmgv",
    "ghsa-jjhc-v7c2-5hh6",
    "ghsa-jr27-m4p2-rc6r",
    "ghsa-m5qp-6w8w-w647",
    "ghsa-m959-cc7f-wv43",
    "ghsa-mj87-hwqh-73pj",
    "ghsa-mwh4-6h8g-pg8w",
    "ghsa-p998-jp59-783m",
    "ghsa-q34m-jh98-gwm2",
    "ghsa-qjxf-f2mg-c6mc",
    "ghsa-r6ph-v2qm-q3c2",
    "ghsa-v92g-xgxw-vvmm",
    "ghsa-vfmq-68hx-4jfw",
    "ghsa-w2fm-2cpv-w7v5",
    "ghsa-xqmj-j6mv-4862"
  ]
}

CVE-2023-46136 (GCVE-0-2023-46136)

Vulnerability from cvelistv5 – Published: 2023-10-24 23:48 – Updated: 2026-05-20 22:17

Title

Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning

Summary

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1 and 2.3.8.

Severity

8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-407 - Inefficient Algorithmic Complexity
CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/pallets/werkzeug/security/advi…	x_refsource_CONFIRM
https://github.com/pallets/werkzeug/commit/f3c803…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2023112…	x_transferred

Impacted products

1 product

Vendor	Product	Version
pallets	werkzeug	Affected: >= 3.0.0, < 3.0.1 Affected: >= 2.0.0rc1, < 2.3.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:37:39.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw"
          },
          {
            "name": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231124-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "werkzeug",
          "vendor": "pallets",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0rc1, \u003c 2.3.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1 and 2.3.8."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-407",
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T22:17:43.259Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw"
        },
        {
          "name": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2"
        }
      ],
      "source": {
        "advisory": "GHSA-hrfv-mqp8-q5rw",
        "discovery": "UNKNOWN"
      },
      "title": "Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-46136",
    "datePublished": "2023-10-24T23:48:56.960Z",
    "dateReserved": "2023-10-16T17:51:35.574Z",
    "dateUpdated": "2026-05-20T22:17:43.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-12797 (GCVE-0-2024-12797)

Vulnerability from cvelistv5 – Published: 2025-02-11 15:59 – Updated: 2025-02-18 14:01

Title

RFC7250 handshakes with unauthenticated servers don't abort as expected

Summary

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be vulnerable to man-in-middle attacks when server authentication failure is not detected by clients. RPKs are disabled by default in both TLS clients and TLS servers. The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain. The affected clients are those that then rely on the handshake to fail when the server's RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER. Clients that enable server-side raw public keys can still find out that raw public key verification failed by calling SSL_get_verify_result(), and those that do, and take appropriate action, are not affected. This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Severity

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-392 - Missing Report of Error Condition

Assigner

openssl

References

7 references

URL	Tags
https://openssl-library.org/news/secadv/20250211.txt	vendor-advisory
https://github.com/openssl/openssl/commit/738d4f9…	patch
https://github.com/openssl/openssl/commit/87ebd20…	patch
https://github.com/openssl/openssl/commit/798779d…	patch
http://www.openwall.com/lists/oss-security/2025/02/11/3
http://www.openwall.com/lists/oss-security/2025/02/11/4
https://security.netapp.com/advisory/ntap-2025021…

Impacted products

1 product

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.4.0 , < 3.4.1 (semver) Affected: 3.3.0 , < 3.3.3 (semver) Affected: 3.2.0 , < 3.2.4 (semver)

Date Public

2025-02-11 14:00

Credits

Apple Inc. Viktor Dukhovni

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-15T00:10:32.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/11/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/11/4"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250214-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-12797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T20:24:14.595864Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T14:01:55.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.4.1",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.3",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.2.4",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Apple Inc."
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2025-02-11T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\u003cbr\u003eserver may fail to notice that the server was not authenticated, because\u003cbr\u003ehandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\u003cbr\u003eis set.\u003cbr\u003e\u003cbr\u003eImpact summary: TLS and DTLS connections using raw public keys may be\u003cbr\u003evulnerable to man-in-middle attacks when server authentication failure is not\u003cbr\u003edetected by clients.\u003cbr\u003e\u003cbr\u003eRPKs are disabled by default in both TLS clients and TLS servers.  The issue\u003cbr\u003eonly arises when TLS clients explicitly enable RPK use by the server, and the\u003cbr\u003eserver, likewise, enables sending of an RPK instead of an X.509 certificate\u003cbr\u003echain.  The affected clients are those that then rely on the handshake to\u003cbr\u003efail when the server\u0027s RPK fails to match one of the expected public keys,\u003cbr\u003eby setting the verification mode to SSL_VERIFY_PEER.\u003cbr\u003e\u003cbr\u003eClients that enable server-side raw public keys can still find out that raw\u003cbr\u003epublic key verification failed by calling SSL_get_verify_result(), and those\u003cbr\u003ethat do, and take appropriate action, are not affected.  This issue was\u003cbr\u003eintroduced in the initial implementation of RPK support in OpenSSL 3.2.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
            }
          ],
          "value": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers.  The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain.  The affected clients are those that then rely on the handshake to\nfail when the server\u0027s RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected.  This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "High"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-392",
              "description": "CWE-392 Missing Report of Error Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T15:59:36.719Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20250211.txt"
        },
        {
          "name": "3.4.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9"
        },
        {
          "name": "3.3.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699"
        },
        {
          "name": "3.2.4 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-12797",
    "datePublished": "2025-02-11T15:59:36.719Z",
    "dateReserved": "2024-12-19T13:54:37.212Z",
    "dateUpdated": "2025-02-18T14:01:55.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34069 (GCVE-0-2024-34069)

Vulnerability from cvelistv5 – Published: 2024-05-06 14:44 – Updated: 2025-02-21 18:03

Title

Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution

Summary

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

GitHub_M

References

6 references

URL	Tags
https://github.com/pallets/werkzeug/security/advi…	x_refsource_CONFIRM
https://github.com/pallets/werkzeug/commit/338639…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://security.netapp.com/advisory/ntap-2024061…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

2 products

Vendor	Product	Version
pallets	werkzeug	Affected: < 3.0.3
palletsprojects	werkzeug	Affected: 0 , < 3.0.3 (custom) cpe:2.3:a:palletsprojects:werkzeug::::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "werkzeug",
            "vendor": "palletsprojects",
            "versions": [
              {
                "lessThan": "3.0.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34069",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:54:35.623303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:56:20.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-21T18:03:28.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"
          },
          {
            "name": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240614-0004/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00026.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "werkzeug",
          "vendor": "pallets",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer\u0027s machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer\u0027s application that will trigger the debugger. This vulnerability is fixed in 3.0.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T13:06:15.610Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985"
        },
        {
          "name": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240614-0004/"
        }
      ],
      "source": {
        "advisory": "GHSA-2g68-c3qc-8985",
        "discovery": "UNKNOWN"
      },
      "title": "Werkzeug\u0027s improper usage of a pathname and improper CSRF protection results in the remote command execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34069",
    "datePublished": "2024-05-06T14:44:38.780Z",
    "dateReserved": "2024-04-30T06:56:33.381Z",
    "dateUpdated": "2025-02-21T18:03:28.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49766 (GCVE-0-2024-49766)

Vulnerability from cvelistv5 – Published: 2024-10-25 19:22 – Updated: 2025-01-31 15:02

Title

Werkzeug safe_join not safe on Windows

Summary

Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/pallets/werkzeug/security/advi…	x_refsource_CONFIRM
https://github.com/pallets/werkzeug/commit/2767bc…	x_refsource_MISC
https://github.com/pallets/werkzeug/releases/tag/3.0.6	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2025013…

Impacted products

1 product

Vendor	Product	Version
pallets	werkzeug	Affected: < 3.0.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T20:08:46.055184Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T20:08:55.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-31T15:02:48.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250131-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "werkzeug",
          "vendor": "pallets",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.0.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Werkzeug is a Web Server Gateway Interface web application library. On Python \u003c 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug\u0027s safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python \u003e= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-25T19:22:36.380Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-f9vj-2wh5-fj8j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-f9vj-2wh5-fj8j"
        },
        {
          "name": "https://github.com/pallets/werkzeug/commit/2767bcb10a7dd1c297d812cc5e6d11a474c1f092",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/commit/2767bcb10a7dd1c297d812cc5e6d11a474c1f092"
        },
        {
          "name": "https://github.com/pallets/werkzeug/releases/tag/3.0.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/releases/tag/3.0.6"
        }
      ],
      "source": {
        "advisory": "GHSA-f9vj-2wh5-fj8j",
        "discovery": "UNKNOWN"
      },
      "title": "Werkzeug safe_join not safe on Windows"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-49766",
    "datePublished": "2024-10-25T19:22:36.380Z",
    "dateReserved": "2024-10-18T13:43:23.457Z",
    "dateUpdated": "2025-01-31T15:02:48.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49767 (GCVE-0-2024-49767)

Vulnerability from cvelistv5 – Published: 2024-10-25 19:41 – Updated: 2026-05-20 22:24

Title

Werkzeug possible resource exhaustion when parsing file data in forms

Summary

Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.

Severity

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

6 references

URL	Tags
https://github.com/pallets/werkzeug/security/advi…	x_refsource_CONFIRM
https://github.com/pallets/quart/commit/5e78c4169…	x_refsource_MISC
https://github.com/pallets/quart/commit/abb04a512…	x_refsource_MISC
https://github.com/pallets/werkzeug/commit/50cfee…	x_refsource_MISC
https://github.com/pallets/werkzeug/releases/tag/3.0.6	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2025010…

Impacted products

3 products

Vendor	Product	Version
pallets	werkzeug	Affected: >= 2.0.0rc1, < 3.0.6
pallets	Quart	Affected: < 0.20.0
palletsprojects	werkzeug	Affected: 0 , < 3.0.6 (custom) cpe:2.3:a:palletsprojects:werkzeug::::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "werkzeug",
            "vendor": "palletsprojects",
            "versions": [
              {
                "lessThan": "3.0.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49767",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T20:06:53.070201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T20:07:56.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-03T12:04:27.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250103-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "werkzeug",
          "vendor": "pallets",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.0rc1, \u003c 3.0.6"
            }
          ]
        },
        {
          "product": "Quart",
          "vendor": "pallets",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.20.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T22:24:47.608Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2"
        },
        {
          "name": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee"
        },
        {
          "name": "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f"
        },
        {
          "name": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b"
        },
        {
          "name": "https://github.com/pallets/werkzeug/releases/tag/3.0.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/releases/tag/3.0.6"
        }
      ],
      "source": {
        "advisory": "GHSA-q34m-jh98-gwm2",
        "discovery": "UNKNOWN"
      },
      "title": "Werkzeug possible resource exhaustion when parsing file data in forms"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-49767",
    "datePublished": "2024-10-25T19:41:35.029Z",
    "dateReserved": "2024-10-18T13:43:23.457Z",
    "dateUpdated": "2026-05-20T22:24:47.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62727 (GCVE-0-2025-62727)

Vulnerability from cvelistv5 – Published: 2025-10-28 20:14 – Updated: 2025-11-04 17:41

Title

Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Summary

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/Kludex/starlette/security/advi…	x_refsource_CONFIRM
https://github.com/Kludex/starlette/commit/4ea6e2…	x_refsource_MISC
https://github.com/Kludex/starlette/commit/69ed26…	x_refsource_MISC
https://github.com/Kludex/starlette/releases/tag/0.49.1	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Kludex	starlette	Affected: >= 0.39.0, < 0.49.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62727",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-28T20:36:34.130234Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-28T20:36:49.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "starlette",
          "vendor": "Kludex",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.39.0, \u003c 0.49.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-407",
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T17:41:42.316Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
        },
        {
          "name": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
        },
        {
          "name": "https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Kludex/starlette/commit/69ed26a85956ef4bd0161807eb27abf49be7cd3c"
        },
        {
          "name": "https://github.com/Kludex/starlette/releases/tag/0.49.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Kludex/starlette/releases/tag/0.49.1"
        }
      ],
      "source": {
        "advisory": "GHSA-7f5h-v6xp-fcq8",
        "discovery": "UNKNOWN"
      },
      "title": "Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62727",
    "datePublished": "2025-10-28T20:14:53.655Z",
    "dateReserved": "2025-10-20T19:41:22.742Z",
    "dateUpdated": "2025-11-04T17:41:42.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66221 (GCVE-0-2025-66221)

Vulnerability from cvelistv5 – Published: 2025-11-29 02:28 – Updated: 2025-12-01 15:35

Title

Werkzeug safe_join() allows Windows special device names

Summary

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been patched in version 3.1.4.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-67 - Improper Handling of Windows Device Names

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/pallets/werkzeug/security/advi…	x_refsource_CONFIRM
https://github.com/pallets/werkzeug/commit/4b8333…	x_refsource_MISC
https://github.com/pallets/werkzeug/releases/tag/3.1.4	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pallets	werkzeug	Affected: < 3.1.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T15:35:05.219216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-01T15:35:25.271Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "werkzeug",
          "vendor": "pallets",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.1.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug\u0027s safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been patched in version 3.1.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-67",
              "description": "CWE-67: Improper Handling of Windows Device Names",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-29T02:28:34.524Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2"
        },
        {
          "name": "https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13"
        },
        {
          "name": "https://github.com/pallets/werkzeug/releases/tag/3.1.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/releases/tag/3.1.4"
        }
      ],
      "source": {
        "advisory": "GHSA-hgf8-39gv-g3f2",
        "discovery": "UNKNOWN"
      },
      "title": "Werkzeug safe_join() allows Windows special device names"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66221",
    "datePublished": "2025-11-29T02:28:34.524Z",
    "dateReserved": "2025-11-24T23:01:29.679Z",
    "dateUpdated": "2025-12-01T15:35:25.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0994 (GCVE-0-2026-0994)

Vulnerability from cvelistv5 – Published: 2026-01-23 14:55 – Updated: 2026-01-30 14:28

Title

Denial of Service in Python Protobuf

Summary

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

Severity

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-674 - Uncontrolled Recursion

Assigner

Google

References

1 reference

URL	Tags
https://github.com/protocolbuffers/protobuf/pull/25239

Impacted products

1 product

Vendor	Product	Version
Python	Protobuf	Affected: <=v33.4 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0994",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-23T15:33:48.514298Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-23T15:34:38.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Protobuf",
          "vendor": "Python",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=v33.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.\n\nDue to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-147",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-147: XML Nested Entity Expansion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-30T14:28:11.435Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/protocolbuffers/protobuf/pull/25239"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service in Python Protobuf",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2026-0994",
    "datePublished": "2026-01-23T14:55:16.876Z",
    "dateReserved": "2026-01-15T15:16:22.904Z",
    "dateUpdated": "2026-01-30T14:28:11.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21860 (GCVE-0-2026-21860)

Vulnerability from cvelistv5 – Published: 2026-01-08 18:34 – Updated: 2026-01-08 18:50

Title

Werkzeug safe_join() allows Windows special device names with compound extensions

Summary

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extension, such as CON.txt, or trailing spaces such as CON. This issue has been patched in version 3.1.5.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-67 - Improper Handling of Windows Device Names

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/pallets/werkzeug/security/advi…	x_refsource_CONFIRM
https://github.com/pallets/werkzeug/commit/7ae1d2…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pallets	werkzeug	Affected: < 3.1.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21860",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-08T18:50:24.550661Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-08T18:50:34.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "werkzeug",
          "vendor": "pallets",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.1.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug\u0027s safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extension, such as CON.txt, or trailing spaces such as CON. This issue has been patched in version 3.1.5."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-67",
              "description": "CWE-67: Improper Handling of Windows Device Names",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-08T18:34:05.390Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7"
        },
        {
          "name": "https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3"
        }
      ],
      "source": {
        "advisory": "GHSA-87hc-h4r5-73f7",
        "discovery": "UNKNOWN"
      },
      "title": "Werkzeug safe_join() allows Windows special device names with compound extensions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21860",
    "datePublished": "2026-01-08T18:34:05.390Z",
    "dateReserved": "2026-01-05T16:44:16.367Z",
    "dateUpdated": "2026-01-08T18:50:34.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22815 (GCVE-0-2026-22815)

Vulnerability from cvelistv5 – Published: 2026-04-01 20:08 – Updated: 2026-04-04 03:10

Title

AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

Summary

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4.

Severity

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/aio-libs/aiohttp/security/advi…	x_refsource_CONFIRM
https://github.com/aio-libs/aiohttp/commit/0c2e9d…	x_refsource_MISC
https://github.com/aio-libs/aiohttp/releases/tag/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
aio-libs	aiohttp	Affected: < 3.13.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-22815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-04T03:09:26.684383Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-04T03:10:24.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aiohttp",
          "vendor": "aio-libs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.13.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T20:08:08.800Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5"
        },
        {
          "name": "https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36"
        },
        {
          "name": "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aio-libs/aiohttp/releases/tag/v3.13.4"
        }
      ],
      "source": {
        "advisory": "GHSA-w2fm-2cpv-w7v5",
        "discovery": "UNKNOWN"
      },
      "title": "AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22815",
    "datePublished": "2026-04-01T20:08:08.800Z",
    "dateReserved": "2026-01-09T22:50:10.288Z",
    "dateUpdated": "2026-04-04T03:10:24.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from cleanstart

CVE-2023-46136 (GCVE-0-2023-46136)

CVE-2024-12797 (GCVE-0-2024-12797)

CVE-2024-34069 (GCVE-0-2024-34069)

CVE-2024-49766 (GCVE-0-2024-49766)

CVE-2024-49767 (GCVE-0-2024-49767)

CVE-2025-62727 (GCVE-0-2025-62727)

CVE-2025-66221 (GCVE-0-2025-66221)

CVE-2026-0994 (GCVE-0-2026-0994)

CVE-2026-21860 (GCVE-0-2026-21860)

CVE-2026-22815 (GCVE-0-2026-22815)

Tags

Sightings

Nomenclature