Vulnerability Information
Vulnerability Title
Werkzeug possible resource exhaustion when parsing file data in forms
Vulnerability Description
Werkzeug is a Web Server Gateway Interface (WSGI) web application library. Applications that use `werkzeug.formparser.MultiPartParser` from a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all Flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specially crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
CVSS Information
N/A
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
Werkzeug Security Vulnerability
Vulnerability Description
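Werkzeug is a comprehensive WSGI web application library open-sourced by Pallets. Versions of Werkzeug prior to 3.0.6 contain a security vulnerability that stems from susceptibility to denial-of-service attacks when parsing multipart/form-data requests.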
CVSS Information
N/A
Vulnerability Type
N/A