The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in formparser.MultiPartParser(). An attacker can cause the parser to consume more memory than the upload size, in excess of max_form_memory_size, by sending malicious data in a non-file field of a multipart/form-data request.
Introduced through werkzeug@3.0.3, flask@2.2.5 and others
Fixed in werkzeug@3.0.6
Exploit maturity: No known exploit
Detailed paths and remediation
Introduced through: root@ › werkzeug@3.0.3. Fix: Upgrade werkzeug to version 3.0.6
Introduced through: root@ › flask@2.2.5 › werkzeug@3.0.3. Fix: Pin werkzeug to version 3.0.6
Introduced through: root@* › flask-apispec@0.11.4 › flask@2.2.5 › werkzeug@3.0.3. Fix: Pin werkzeug to version 3.0.6
…and 3 more
Security information
Factors contributing to the scoring:
Snyk: CVSS v4.0 6.9 - Medium Severity | CVSS v3.1 5.3 - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Completion Criteria