CVE-2024-49766 MEDIUM

CVE-2024-49766: Werkzeug safe_join not safe on Windows

Vendor Pallets
Product werkzeug
Weakness CWE-22 · Path traversal
Published October 25, 2024
Last update January 31, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.

Key dates

02Disclosure timeline

October 25, 2024 CVE published
January 31, 2025 Record updated