Palletsprojects: >> Werkzeug Security Vulnerabilities
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-11-18
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-09
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
CVSS Score
7.5
EPSS Score
0.901
Published
2019-07-28
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-23
Page 2