CVE-2022-29361

Published: May 24, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85

x_refsource_MISC

https://github.com/pallets/werkzeug/issues/2420

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-29361

Description

Affected Products

References