CVE-2019-14322
PUBLISHED
CVSS 8.7 HIGH
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
EPSS 90.06% · 99.6th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
90.06%
99.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| palletsprojects | werkzeug | 0 |
| PyPI | werkzeug | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2019-14322 (circl-sighting)
- https://palletsprojects.com/blog/werkzeug-0-15-5-released/ (circl)
- PoC of CVE-2019-14322: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (github-poc-repo)
- Nmap NSE script to detect CVE-2019-14322 of Pallets Werkzeug path traversal via SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames (github-poc-repo)
…and 44 more exploits
Timeline
- Jul 28, 2019 CVE Published
- Aug 6, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- May 17, 2021 EPSS Score
- Jul 6, 2021 PoC Published
- Jul 7, 2021 EPSS Score
- Sep 21, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- Nov 15, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Mar 27, 2023 EPSS Score
References
- https://www.ibm.com/support/pages/node/7149736 advisory
- https://www.ibm.com/support/pages/node/7150045 advisory
- https://www.ibm.com/support/pages/node/7149967 advisory
- https://www.ibm.com/support/pages/node/7149874 advisory
- https://www.ibm.com/support/pages/node/7150150 advisory
- https://palletsprojects.com/blog/werkzeug-0-15-5-released/ url
- http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html url
- https://nvd.nist.gov/vuln/detail/CVE-2019-14322 advisory
- https://github.com/pallets/werkzeug url
- https://palletsprojects.com/blog/werkzeug-0-15-5-released url