Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 847982 (CVE-2022-29361)

Summary: dev-python/werkzeug: http request smuggling
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: mgorny, python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/pallets/werkzeug/issues/2420
Whiteboard: B4 [??]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 22:20:02 UTC
CVE-2022-29361:

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.

No useful information at URL, so not sure what to make of this.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-05-29 06:20:41 UTC
See https://github.com/pallets/werkzeug/issues/2420, it seems to be some pseudo-security spam.