Known Vulnerabilities for products from Palletsprojects
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Palletsprojects".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-28724 | Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | 6.1 - MEDIUM | 2020-11-18 | 2020-12-01 |
| CVE-2020-28493 | This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re r... | 5.3 - MEDIUM | 2021-02-01 | 2023-11-07 |
| CVE-2019-1010083 | The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack ve... | 7.5 - HIGH | 2019-07-17 | 2020-08-24 |
| CVE-2019-14806 | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers sha... | 7.5 - HIGH | 2019-08-09 | 2023-03-03 |
| CVE-2019-14322 | In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | 7.5 - HIGH | 2019-07-28 | 2023-01-31 |
| CVE-2019-10906 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 8.6 - HIGH | 2019-04-07 | 2023-11-07 |
| CVE-2018-1000656 | The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can ... | 7.5 - HIGH | 2018-08-20 | 2020-06-09 |
| CVE-2016-10745 | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | 8.6 - HIGH | 2019-04-08 | 2019-06-06 |
| CVE-2016-10516 | Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug ... | 6.1 - MEDIUM | 2017-10-23 | 2018-02-04 |