HTTP Request Smuggling Vulnerability in Pallets Werkzeug v2.1.0 and Below

HTTP Request Smuggling Vulnerability in Pallets Werkzeug v2.1.0 and Below

CVE-2022-29361 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project

Learn more about our Cis Benchmark Audit For Server Software.