Metrics
Affected Vendors & Products
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
Fri, 14 Feb 2025 02:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:/a:redhat:openshift_ai:2.17::el8 | 
Thu, 13 Feb 2025 00:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Redhat Redhat openshift Ai | |
| CPEs | cpe:/a:redhat:openshift_ai:2.16::el8 | |
| Vendors & Products | Redhat Redhat openshift Ai | 
Fri, 03 Jan 2025 12:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Fri, 27 Dec 2024 21:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Tue, 05 Nov 2024 20:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Palletsprojects quart | |
| CPEs | cpe:2.3:a:palletsprojects:quart:*:*:*:*:*:python:*:* | |
| Vendors & Products | Palletsprojects quart | |
| Metrics | cvssV3_1 
 | cvssV3_1 
 | 
Sat, 26 Oct 2024 01:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
| Metrics | threat_severity 
 | cvssV3_1 
 
 | 
Fri, 25 Oct 2024 20:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Palletsprojects Palletsprojects werkzeug | |
| CPEs | cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:* | |
| Vendors & Products | Palletsprojects Palletsprojects werkzeug | |
| Metrics | ssvc 
 | 
Fri, 25 Oct 2024 19:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. | |
| Title | Werkzeug possible resource exhaustion when parsing file data in forms | |
| Weaknesses | CWE-400 CWE-770 | |
| References |  | |
| Metrics | cvssV4_0 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-10-25T19:41:35.029Z
Updated: 2025-01-03T12:04:27.829Z
Reserved: 2024-10-18T13:43:23.457Z
Link: CVE-2024-49767
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-01-03T12:04:27.829Z
 NVD
                        NVD
                    Status : Modified
Published: 2024-10-25T20:15:04.530
Modified: 2025-01-03T12:15:26.257
Link: CVE-2024-49767
 Redhat
                        Redhat
                     ReportizFlow
ReportizFlow