PT-2024-33676 · Python+2
Nvn1729 · Published 2024-10-25 · Updated 2026-03-26 · CVE-2024-49766
CVSS v4.0: 6.3 Medium
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.0.6
Description: On Windows with Python versions earlier than 3.11, os.path.isabs() (ntpath.isabs()) does not recognise a bare UNC path such as //server/share as absolute. Werkzeug's safe_join() relies on that check to reject absolute path components, so on an affected platform it can return a path like //server/share instead of refusing it, which can lead to unintended access to data, for example through werkzeug.utils.send_from_directory(), which is built on safe_join(). Applications running on Python 3.11 or later, or on a platform other than Windows, are not affected.
Recommendations: Update Werkzeug to version 3.0.6 or later. Until the update can be applied, applications that must stay on an affected version on Windows with Python earlier than 3.11 should reject any untrusted path component that begins with a slash or backslash before it reaches safe_join(); the UNC path is supplied by the attacker, not by the application, so merely not using UNC paths in the application's own configuration is not a mitigation. Running on Python 3.11 or later, or on a non-Windows platform, also removes the exposure.
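The following is an added example, not code from Werkzeug or from this advisory. It models the pre-3.0.6 safe_join() logic in a simplified form and pairs it with a reconstruction of how ntpath.isabs() behaved on Python 3.10 and earlier, so the edge case can be reproduced on any platform and interpreter version. The names legacy_nt_isabs, safe_join_like and reject_leading_slash are this example's own; the reject_leading_slash guard is the example's hardening and is not claimed to be a verbatim copy of the upstream patch.

```python
"""Illustrative model of the CVE-2024-49766 edge case (added example, not Werkzeug's code)."""
import ntpath
import posixpath
from typing import Callable, Optional, Tuple


def _legacy_nt_splitdrive(p: str) -> Tuple[str, str]:
    """Reconstruction of ntpath.splitdrive() as it behaved on Python <= 3.10.

    A UNC prefix such as //server/share is returned as the *drive*, so for a
    bare share name nothing is left over for the path part.
    """
    sep, altsep, colon = "\\", "/", ":"
    normp = p.replace(altsep, sep)
    if len(p) >= 2:
        if normp[0:2] == sep * 2 and normp[2:3] != sep:
            index = normp.find(sep, 2)
            if index == -1:
                return "", p
            index2 = normp.find(sep, index + 1)
            if index2 == index + 1:
                return "", p
            if index2 == -1:
                index2 = len(p)
            return p[:index2], p[index2:]
        if normp[1:2] == colon:
            return p[:2], p[2:]
    return "", p


def legacy_nt_isabs(path: str) -> bool:
    """Reconstruction of ntpath.isabs() on Python <= 3.10 (Windows).

    After the drive is split off, the path counts as absolute only if the
    remainder starts with a separator. For "//server/share" the remainder is
    empty, so the function answers False although the path names a share.
    """
    if path.replace("/", "\\").startswith("\\\\?\\"):
        return True
    rest = _legacy_nt_splitdrive(path)[1]
    return len(rest) > 0 and rest[0] in "\\/"


# On Windows, Werkzeug's safe_join() rejects the backslash as an alternate
# separator and builds the result with posixpath.join(), so "/" is the only
# separator that survives to the join step.
_WINDOWS_ALT_SEPS = ["\\"]


def safe_join_like(directory: str, *pathnames: str,
                   isabs: Callable[[str], bool] = legacy_nt_isabs,
                   reject_leading_slash: bool = False) -> Optional[str]:
    """Simplified model of werkzeug.security.safe_join() before 3.0.6.

    `isabs` stands in for os.path.isabs(); the default reproduces the buggy
    pre-3.11 Windows behaviour on any platform. `reject_leading_slash` adds a
    platform-independent guard (this example's hardening, not necessarily the
    exact upstream fix).
    """
    if not directory:
        directory = "."
    parts = [directory]
    for filename in pathnames:
        if filename != "":
            # posixpath.normpath() keeps exactly two leading slashes intact,
            # so "//server/share" is not collapsed to "/server/share".
            filename = posixpath.normpath(filename)
        if (
            any(sep in filename for sep in _WINDOWS_ALT_SEPS)
            or isabs(filename)
            or filename == ".."
            or filename.startswith("../")
            or (reject_leading_slash and filename.startswith("/"))
        ):
            return None
        parts.append(filename)
    # posixpath.join() discards everything before a component that starts
    # with "/", which is why the unsafe component replaces the directory.
    return posixpath.join(*parts)


def stdlib_ntpath_isabs(path: str) -> bool:
    """What the running interpreter's ntpath.isabs() says; version dependent
    (False on <= 3.10, True on >= 3.11 for a bare UNC share)."""
    return ntpath.isabs(path)


if __name__ == "__main__":
    # Constructed sample inputs: benign requests and the UNC edge case.
    for candidate in ["css/app.css", "../config.py", "//server/share", "//server/share/x"]:
        print(f"{candidate!r:22} legacy isabs={legacy_nt_isabs(candidate)!s:5} "
              f"this ntpath.isabs={stdlib_ntpath_isabs(candidate)!s:5} "
              f"vulnerable={safe_join_like('static', candidate)!r} "
              f"hardened={safe_join_like('static', candidate, reject_leading_slash=True)!r}")
```

Running the block shows that "//server/share/x" and "../config.py" are rejected by the vulnerable model too; only the bare share name slips through, and posixpath.join() then returns it verbatim, dropping the base directory. The stdlib_ntpath_isabs column lets you confirm on your own interpreter why Python 3.11 and later are not affected.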

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2025-3304
CVE-2024-49766
GHSA-F9VJ-2WH5-FJ8J

Affected Products

Alt Linux
Python
Werkzeug