7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
50.7%
A vulnerability in the WSGI Werkzeug web application library is related to the fact that the application does not properly control the consumption of internal resources when parsing data from a composite form with a large number of fields.
internal resource consumption when parsing data from a composite form with a large number of fields.
Exploitation of the vulnerability could allow an attacker acting remotely to cause resource exhaustion and
and execute a denial of service attack.
A vulnerability in the WSGI Werkzeug web application library is related to insufficient validation of “unnamed” cookies.
cookies. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate the
cookie values for an arbitrary domain.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | python3-werkzeug | <= 2.2.3-1 | UNKNOWN |