DSA-5470-1 python-werkzeug -- python-werkzeugID: oval:org.secpod.oval:def:612606 | Date: (C)2023-08-25 (M)2023-11-10 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in python-werkzeug, a collection of utilities for WSGI applications. CVE-2023-23934 It was discovered that Werkzeug did not properly handle the parsing of nameless cookies which may allow shadowing of other cookies. CVE-2023-25577 It was discovered that Werkzeug could parse unlimited number of parts, including file parts, which may result in denial of service.
Product: |
python3-werkzeug |
python-werkzeug-doc |