Description
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.
Report
Red Hat Product Security does not consider this to be a vulnerability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 5 | python-werkzeug | Not affected | | |
| Red Hat Ceph Storage 6 | python-werkzeug | Not affected | | |
| Red Hat Enterprise Linux 7 | python-werkzeug | Not affected | | |
| Red Hat Enterprise Linux 8 | python-werkzeug | Not affected | | |
| Red Hat OpenShift Container Platform 4 | python-werkzeug | Not affected | | |
| Red Hat OpenStack Platform 16.1 | python-werkzeug | Not affected | | |
| Red Hat OpenStack Platform 16.2 | python-werkzeug | Not affected | | |
| Red Hat OpenStack Platform 17.1 | python-werkzeug | Not affected | | |
| Red Hat OpenStack Platform 18.0 | python-werkzeug | Not affected | | |
| Red Hat Storage 3 | python-werkzeug | Not affected | | |
Related vulnerabilities
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below ...
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.
Vulnerability in the Pallets Werkzeug web application library related to flaws in HTTP request handling, allowing an attacker to conduct a cross-site scripting (XSS) attack