VDB
EN
HIGH 7.5

PYSEC-2026-1860

Werkzeug possible resource exhaustion when parsing file data in forms

상세

Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.

The `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / quart
최초 영향 버전: 0 수정 버전: 0.20.0
수정 pip install --upgrade 'quart>=0.20.0'

참고