Is CVE-2023-46136 actively exploited?

CVE-2023-46136 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2023-46136?

CVE-2023-46136 has a CVSS score of 8 (HIGH severity). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2023-46136?

Patch guidance is available from palletsprojects security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-46136.

Fix CVE-2023-46136 - HIGH palletsprojects werkzeug

Q: Which products are affected by CVE-2023-46136?

2 products: palletsprojects werkzeug, palletsprojects werkzeug.

Description

Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-400 CWE-407 CWE-787 · Out-of-bounds Write

Metadata

Primary Vendor: PALLETSPROJECTS
Published: 10/25/2023
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

palletsprojects : werkzeugpalletsprojects : werkzeug

Remediation Guidance

Executive Summary

Cite this page

CVE-2023-46136. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2023-46136

View on NIST NVD

CVE-2023-46136 vulnerability