Description
** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.
Remediation
References
Related Vulnerabilities
WordPress Plugin Titan Framework Cross-Site Scripting (1.7.5)
WordPress Plugin Acunetix Secure WordPress Cross-Site Request Forgery (3.0.2)
WordPress Plugin Improved user search in backend Cross-Site Request Forgery (1.2.4)
WordPress Plugin WP Post Popup Directory Traversal (2.1.1)
WordPress Plugin FV Flowplayer Video Player Multiple Vulnerabilities (7.3.14.727)