Description

** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.

Remediation

References

CVE-2022-29361

Related Vulnerabilities

Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-23969)

WordPress Plugin NotificationX-WooCommerce Sales Notification Popup, Custom & Live Sales Notification, FOMO, Social Proof, Announcement Banner & Sticky Notification Bar SQL Injection (2.8.2)

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-11495)

WordPress Plugin TheCartPress eCommerce Shopping Cart Multiple Vulnerabilities (1.5.3.6)

WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (4.5.10)

Severity

Critical

Classification

CVE-2022-29361 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities