GHSA-q34m-jh98-gwm2
GitHub Security Advisory
Werkzeug possible resource exhaustion when parsing file data in forms
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.
The `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.
Affected Packages
PyPI
Werkzeug
Affected versions:
0
(fixed in 3.0.6)
PyPI
Quart
Affected versions:
0
(fixed in 0.20.0)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: September 9, 2025 6:37 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.