RHSA-2023:1281: Important: Red Hat OpenStack Platform (python-werkzeug) security update

First published: Wed Mar 15 2023(Updated: )

Werkzeug started as simple collection of various<br>utilities for WSGI applications and has become one of the most advanced<br>WSGI utility modules. It includes a powerful debugger, full featured<br>request and response objects, HTTP utilities to handle entity tags, cache<br>control headers, HTTP dates, cookie handling, file uploads, a powerful URL<br>routing system and a bunch of community contributed addon modules. Werkzeug<br>is unicode aware and doesn't enforce a specific template engine, database<br>adapter or anything else. It doesn't even enforce a specific way of<br>handling requests and leaves all that up to the developer. It's most useful<br>for end user applications which should work on as many server environments<br>as possible (such as blogs, wikis, bulletin boards, etc.).<br>Security Fix(es):<br><li> high resource usage when parsing multipart form data with many fields</li> (CVE-2023-25577)<br>For more details about the security issue(s), including the impact, a CVSS<br>score, acknowledgments, and other related information, refer to the CVE<br>page listed in the References section.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2023:1281
• agent/software-canonical-lookup
• package-manager/redhat