
Latest data: Thu Nov 2 08:04:13 UTC 2023
github.actions committed Nov 2, 2023
1 parent d2c78b6 commit 3367e3a
Showing 8 changed files with 329 additions and 1,016 deletions.
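--- a/audits/buku-requirements.audit.json
+++ b/audits/buku-requirements.audit.json
@@ -948,12 +948,169 @@
 "nvd_published_at": null,
 "severity": "HIGH"
 }
 },
+{
+"modified": "2023-11-01T18:30:03Z",
+"published": "2023-10-25T18:17:00Z",
+"schema_version": "1.6.0",
+"id": "PYSEC-2023-221",
+"aliases": [
+"CVE-2023-46136",
+"GHSA-hrfv-mqp8-q5rw"
+],
+"details": "Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.",
+"affected": [
+{
+"package": {
+"ecosystem": "PyPI",
+"name": "werkzeug",
+"purl": "pkg:pypi/werkzeug"
+},
+"ranges": [
+{
+"type": "GIT",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "f3c803b3ade485a45f12b6d6617595350c0f03e2"
+}
+],
+"repo": "https://github.com/pallets/werkzeug"
+},
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "3.0.1"
+}
+]
+}
+],
+"versions": [
+"0.1",
+"0.10",
+"0.10.1",
+"0.10.2",
+"0.10.3",
+"0.10.4",
+"0.11",
+"0.11.1",
+"0.11.10",
+"0.11.11",
+"0.11.12",
+"0.11.13",
+"0.11.14",
+"0.11.15",
+"0.11.2",
+"0.11.3",
+"0.11.4",
+"0.11.5",
+"0.11.6",
+"0.11.7",
+"0.11.8",
+"0.11.9",
+"0.12",
+"0.12.1",
+"0.12.2",
+"0.13",
+"0.14",
+"0.14.1",
+"0.15.0",
+"0.15.1",
+"0.15.2",
+"0.15.3",
+"0.15.4",
+"0.15.5",
+"0.15.6",
+"0.16.0",
+"0.16.1",
+"0.2",
+"0.3",
+"0.3.1",
+"0.4",
+"0.4.1",
+"0.5",
+"0.5.1",
+"0.6",
+"0.6.1",
+"0.6.2",
+"0.7",
+"0.7.1",
+"0.7.2",
+"0.8",
+"0.8.1",
+"0.8.2",
+"0.8.3",
+"0.9",
+"0.9.1",
+"0.9.2",
+"0.9.3",
+"0.9.4",
+"0.9.5",
+"0.9.6",
+"1.0.0",
+"1.0.0rc1",
+"1.0.1",
+"2.0.0",
+"2.0.0rc1",
+"2.0.0rc2",
+"2.0.0rc3",
+"2.0.0rc4",
+"2.0.0rc5",
+"2.0.1",
+"2.0.2",
+"2.0.3",
+"2.1.0",
+"2.1.1",
+"2.1.2",
+"2.2.0",
+"2.2.0a1",
+"2.2.1",
+"2.2.2",
+"2.2.3",
+"2.3.0",
+"2.3.1",
+"2.3.2",
+"2.3.3",
+"2.3.4",
+"2.3.5",
+"2.3.6",
+"2.3.7",
+"3.0.0"
+],
+"database_specific": {
+"source": "https://github.com/pypa/advisory-database/blob/main/vulns/werkzeug/PYSEC-2023-221.yaml"
+}
+}
+],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+}
+],
+"references": [
+{
+"type": "FIX",
+"url": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2"
+},
+{
+"type": "ADVISORY",
+"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw"
+}
+]
+}
 ],
 "groups": [
 {
 "ids": [
-"GHSA-hrfv-mqp8-q5rw"
+"GHSA-hrfv-mqp8-q5rw",
+"PYSEC-2023-221"
 ]
 }
 ]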
