CVE-2024-49767
ADVISORY - github
Summary
Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting.
The Request.max_content_length setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.
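The following is an added example, not code from the advisory or from the Werkzeug project, showing the two Werkzeug-level limits named above set explicitly on a request class and the 413 response each produces. The class name, helper name and byte values are assumptions chosen for illustration; the multipart request in the usage only exercises max_content_length, which the advisory states is unaffected.

```python
# Added example: explicit Werkzeug request limits (values are assumptions).
from werkzeug.test import Client
from werkzeug.wrappers import Request, Response


class LimitedRequest(Request):
    # Cap on the whole request body, checked against Content-Length.
    max_content_length = 1024 * 1024   # 1 MiB (assumed value)
    # Cap on non-file form field data held in memory while parsing.
    max_form_memory_size = 64 * 1024   # 64 KiB (assumed value)


@LimitedRequest.application
def app(request):
    # Accessing request.form triggers form parsing; if a limit is exceeded,
    # Werkzeug raises RequestEntityTooLarge, which the decorator turns
    # into a 413 response.
    fields = request.form
    return Response(f"parsed {len(fields)} field(s)\n")


def post_form(field_size, content_type):
    """POST a constructed one-field form and return the HTTP status code."""
    client = Client(app)
    resp = client.post("/", data={"a": "x" * field_size},
                       content_type=content_type)
    return resp.status_code


if __name__ == "__main__":
    # Small multipart form: under both limits.
    print(post_form(10, "multipart/form-data"))
    # 2 MiB multipart form: rejected by max_content_length.
    print(post_form(2 * 1024 * 1024, "multipart/form-data"))
    # 200 KiB urlencoded form: under max_content_length,
    # rejected by max_form_memory_size.
    print(post_form(200 * 1024, "application/x-www-form-urlencoded"))
```

Limits enforced by the deployment platform (reverse proxy body size, worker memory caps) sit outside this code and still need to be configured separately.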
EPSS Score: 0.01183 (0.784)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - github
Uncontrolled Resource Consumption
ADVISORY - gitlab
ADVISORY - redhat