Snyk finding: SNYK-PYTHON-WERKZEUG-8309092 #4951

FuhuXia · 2024-10-28T17:50:06Z

https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309092

Date of report: 2024-10-28
Severity: Medium
Due date: 2025-01-28

Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.

Analysis has been performed and an issue has been linked to address other occurrences for this class of vulnerability* (link)

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

Upgrade Werkzeug to version 3.0.6 or higher.
CKAN 2.11.0 is using 3.0.3.

FuhuXia added compliance Relating to security compliance or documentation bug Software defect or bug labels Oct 28, 2024

github-project-automation bot added this to data.gov team board Oct 28, 2024

FuhuXia added this to the January 2025 milestone Oct 28, 2024

Bagesary moved this to 🧊 Icebox in data.gov team board Oct 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Snyk finding: SNYK-PYTHON-WERKZEUG-8309092 #4951

Snyk finding: SNYK-PYTHON-WERKZEUG-8309092 #4951

FuhuXia commented Oct 28, 2024

Snyk finding: SNYK-PYTHON-WERKZEUG-8309092 #4951

Snyk finding: SNYK-PYTHON-WERKZEUG-8309092 #4951

Comments

FuhuXia commented Oct 28, 2024

Brief description