Pallets Werkzeug vulnerable to Path Traversal · CVE-2019-14322 · GitHub Advisory Database · GitHub

Pallets Werkzeug vulnerable to Path Traversal

High severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Feb 2, 2023

Package

werkzeug (pip)

Affected versions

< 0.15.5

Patched versions

0.15.5

Description

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.

References

Published by the National Vulnerability Database

Jul 28, 2019

Published to the GitHub Advisory Database May 24, 2022

Reviewed Feb 2, 2023

Last updated Feb 2, 2023

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N