Ubuntu Security Update USN-5948-2: Werkzeug vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,931
Reaction score
75
Credits
-1,257
USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. Original advisory details: It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934) It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service. (CVE-2023-25577)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8198-2: Tornado vulnerabilities
Replies
0
Views
110
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8154-2: Django vulnerabilities
Replies
0
Views
175
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8198-1: Tornado vulnerabilities
Replies
0
Views
104
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8190-2: Rack::Session vulnerability
Replies
0
Views
81
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-7093-1: Werkzeug vulnerability
Replies
0
Views
210
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 2,735 (members: 4, guests: 2,731)

Latest posts

Top