It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934)
It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service. (CVE-2023-25577)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_version": "0.10.4+dfsg1-1ubuntu1.2+esm1", "binary_name": "python-werkzeug" }, { "binary_version": "0.10.4+dfsg1-1ubuntu1.2+esm1", "binary_name": "python-werkzeug-doc" }, { "binary_version": "0.10.4+dfsg1-1ubuntu1.2+esm1", "binary_name": "python3-werkzeug" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "0.14.1+dfsg1-1ubuntu0.2", "binary_name": "python-werkzeug" }, { "binary_version": "0.14.1+dfsg1-1ubuntu0.2", "binary_name": "python-werkzeug-doc" }, { "binary_version": "0.14.1+dfsg1-1ubuntu0.2", "binary_name": "python3-werkzeug" } ] }