CVSS3
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 27.9%
Werkzeug is vulnerable to Denial of Service (DoS). An attacker can exploit this vulnerability by sending a multipart request with a large number of parts to a vulnerable endpoint. The multipart parser in Werkzeug then allocates a large amount of memory to process the request, which can eventually exhaust the server’s resources and cause it to crash.
github.com/advisories/GHSA-hrfv-mqp8-q5rw
github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2
github.com/pallets/werkzeug/pull/2801
github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
security.netapp.com/advisory/ntap-20231124-0008/