CVE-2022-29361

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in pypi/Werkzeug

Identifiers

CVE-2022-29361

Package Slug

pypi/Werkzeug

Vulnerability

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Description

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project

Affected Versions

All versions up to 2.1.0

Solution

Upgrade to version 2.1.1 or above.

Last Modified

2023-11-08

source