代码拉取完成,页面将自动刷新
一、漏洞信息
漏洞编号:CVE-2024-49766
漏洞归属组件:werkzeug
漏洞归属的版本:3.0.1
组件所在目录:
CVSS V3.0分值:
BaseScore:3.7 Low
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞简述:
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.
漏洞公开时间:2024-10-26 04:15:04
漏洞创建时间:2025-01-11 03:30:08
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2024-49766