PT-2017-7913 · Pallets+1 · Werkzeug+1

Neargle

·

Publicado

2017-10-23

·

Atualizado

2022-05-14

·

CVE-2016-10516

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Werkzeug versions prior to 0.11.11
Description A cross-site scripting (XSS) issue exists in the render full function in debug/tbtools.py in the debugger, allowing remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
Recommendations For versions prior to 0.11.11, update to version 0.11.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the debugger to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2016-10516
DLA-1191-1
GHSA-H2FP-XGX6-XH6F
PYSEC-2017-43
RHSA-2019:3172
USN-3463-1

Produtos afetados

Ubuntu
Werkzeug