Palletsprojects: >> Werkzeug Security Vulnerabilities
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-09
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
CVSS Score
7.5
EPSS Score
0.901
Published
2019-07-28
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-23
Page 2