HIGH
Palletsprojects
CVE published 2023-10-25
CVE-2023-46136
CVE-2023-46136 is a denial-of-service issue in Werkzeug’s multipart upload handling. A crafted file upload that begins with CR or LF and is followed by large amounts of data can cause boundary searches to run on a growing buffer, consuming CPU and potentially blocking worker processes that should handle legitimate requests. The issue is fixed in Werkzeug 3.0.1 and 2.3.8.
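The cost described above can be seen in a simplified model, added here as an example; it is not Werkzeug's parser or its patch, and it models only the repeated search over a buffer that keeps growing, not the CR/LF condition that triggers it. The delimiter, function names and sample chunks are constructed for illustration: the first scanner re-searches everything it has buffered on each chunk, while the second keeps only the trailing bytes that could still be part of the delimiter.

```python
# Simplified model with constructed data; not Werkzeug's parser or its patch.
DELIM = b"\r\n--boundary"  # constructed delimiter (hypothetical)

def scan_growing(chunks, delim=DELIM):
    """Keep every byte buffered and search the whole buffer after each chunk."""
    buf, scanned = bytearray(), 0
    for chunk in chunks:
        buf += chunk
        scanned += len(buf)          # a failed find() walks the entire buffer
        idx = buf.find(delim)
        if idx != -1:
            return bytes(buf[:idx]), scanned
    return None, scanned

def scan_bounded(chunks, delim=DELIM):
    """Release bytes that cannot belong to the delimiter; keep len(delim)-1."""
    keep = len(delim) - 1
    tail, body, scanned = bytearray(), bytearray(), 0
    for chunk in chunks:
        tail += chunk
        scanned += len(tail)
        idx = tail.find(delim)
        if idx != -1:
            body += tail[:idx]
            return bytes(body), scanned
        cut = max(0, len(tail) - keep)
        body += tail[:cut]           # a real parser would stream this out
        del tail[:cut]
    return None, scanned

def sample_chunks(n, size=1024):
    """n filler chunks with no delimiter, then one chunk that carries it."""
    return [b"A" * size] * n + [DELIM]

def compare(n):
    """Return (bytes searched by growing scan, by bounded scan) for n chunks."""
    body_g, cost_g = scan_growing(sample_chunks(n))
    body_b, cost_b = scan_bounded(sample_chunks(n))
    assert body_g == body_b          # both recover the same part body
    return cost_g, cost_b

if __name__ == "__main__":
    for n in (64, 128, 256):
        print(n, compare(n))
```

Doubling the number of chunks roughly quadruples the bytes searched by the growing-buffer scanner and only doubles them for the bounded one, which is why upgrading to a fixed release matters more than raising worker counts.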