Known Vulnerabilities for products from Palletsprojects
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Palletsprojects".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-22195 json | 6.1 - MEDIUM | 2024-01-11 | 2024-01-27 | |
| CVE-2023-46136 json | Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is follow... | 7.5 - HIGH | 2023-10-25 | 2023-11-01 |
| CVE-2023-30861 json | Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing da... | 7.5 - HIGH | 2023-05-02 | 2023-08-20 |
| CVE-2023-25577 json | Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will ... | 7.5 - HIGH | 2023-02-14 | 2023-08-18 |
| CVE-2023-23934 json | Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` inste... | 3.5 - LOW | 2023-02-14 | 2023-08-18 |
| CVE-2022-29361 json | ** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Reques... | 9.8 - CRITICAL | 2022-05-25 | 2023-11-07 |
| CVE-2020-28724 json | Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | 6.1 - MEDIUM | 2020-11-18 | 2020-12-01 |
| CVE-2020-28493 json | This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re r... | 5.3 - MEDIUM | 2021-02-01 | 2023-11-07 |
| CVE-2019-1010083 json | The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack ve... | 7.5 - HIGH | 2019-07-17 | 2020-08-24 |
| CVE-2019-14806 json | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers sha... | 7.5 - HIGH | 2019-08-09 | 2023-03-03 |
| CVE-2019-14322 json | In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | 7.5 - HIGH | 2019-07-28 | 2023-01-31 |
| CVE-2019-10906 json | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 8.6 - HIGH | 2019-04-07 | 2023-11-07 |
| CVE-2018-1000656 json | The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can ... | 7.5 - HIGH | 2018-08-20 | 2020-06-09 |
| CVE-2016-10745 json | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | 8.6 - HIGH | 2019-04-08 | 2019-06-06 |
| CVE-2016-10516 json | Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug ... | 6.1 - MEDIUM | 2017-10-23 | 2018-02-04 |