Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-49766

Опубликовано: 25 окт. 2024
Источник: nvd
CVSS3: 5.3
EPSS Низкий

Описание

Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
Версия до 3.0.6 (исключая)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 73%
0.00786
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2024-49766

CVSS3: 5.3
ubuntu
около 1 года назад

Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.

redhat логотип

CVE-2024-49766

CVSS3: 3.7
redhat
около 1 года назад

Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.

debian логотип

CVE-2024-49766

CVSS3: 5.3
debian
около 1 года назад

Werkzeug is a Web Server Gateway Interface web application library. On ...

github логотип

GHSA-f9vj-2wh5-fj8j

github
около 1 года назад

Werkzeug safe_join not safe on Windows

EPSS

Процентиль: 73%
0.00786
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22