Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-14322Path Traversal in Werkzeug

CWE-22Path Traversal7 documents7 sources
Severity
7.5HIGHNVD
EPSS
90.1%
top 0.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Palletsprojects Werkzeug
Timeline
PublishedJul 28
Latest updateMay 24

Description

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

3
OSV
Pallets Werkzeug vulnerable to Path Traversal2022-05-24
GHSA
Pallets Werkzeug vulnerable to Path Traversal2022-05-24
CVEList
CVE-2019-14322: In Pallets Werkzeug before 02019-07-28

💥Exploits & PoCs

2
Exploit-DB
Pallets Werkzeug 0.15.4 - Path Traversal2021-07-06
Nuclei
Pallets Werkzeug <0.15.5 - Local File Inclusion

📋Vendor Advisories

1
Debian
CVE-2019-14322: python-werkzeug - In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (...2019
CVE-2019-14322 — Path Traversal in Werkzeug | cvebase