CVE-2022-29361
CRITICAL9.8EPSS 31.1%發布日:2022/5/25修改日:2025/12/3
也稱為:ALPINE-CVE-2022-29361
描述
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project
受影響套件(2)
- Alpine/py3-werkzeugfrom 0, < 2.2.2-r0
- PyPI/werkzeugfrom 0, < 9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 | from 0, < 2.1.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |