Open matt-domsch-sp opened 7 months ago
https://github.com/advisories/GHSA-hrfv-mqp8-q5rw https://nvd.nist.gov/vuln/detail/CVE-2023-46136
report this as a moderate to high severity.
httpbin currently has the werkzeug latest 2.3.x branch version 2.3.7, and the upstream 3.0.1 version is the first commit that addresses it. It's unclear if there will be a patch to 2.3.x.
https://github.com/advisories/GHSA-hrfv-mqp8-q5rw https://nvd.nist.gov/vuln/detail/CVE-2023-46136
report this as a moderate to high severity.
httpbin currently has the werkzeug latest 2.3.x branch version 2.3.7, and the upstream 3.0.1 version is the first commit that addresses it. It's unclear if there will be a patch to 2.3.x.