Werkzeug possible resource exhaustion when parsing file data in forms
Description
Published to the GitHub Advisory Database
Oct 25, 2024
Reviewed
Oct 25, 2024
Published by the National Vulnerability Database
Oct 25, 2024
Last updated
Nov 5, 2024
Applications using Werkzeug to parse
multipart/form-data
requests are vulnerable to resource exhaustion. A specially crafted form body can bypass theRequest.max_form_memory_size
setting.The
Request.max_content_length
setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.References