CNNVD-202511-3038 Information

CNNVD ID

CNNVD-202511-3038

Related CVE

CVE-2025-66221

• CNNVD Published: 2025-11-29

Description (Chinese)

Werkzeug是Pallets开源的一个全面的 WSGI web 应用程序库。 Werkzeug 3.1.4之前版本存在安全漏洞，该漏洞源于safe_join函数处理Windows设备名称不当，可能导致文件读取挂起。

Description (English)

Werkzeug is a comprehensive WSGI web application library of Pallets open source. There was a security loophole in the previous version of Werkzeug 3.1.4, which originated from the safe join function, which dealt with the inappropriate name of Windows devices and could lead to the read-and-shipping of documents.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Pallets

Published

2025-11-29

Last Modified

2026-02-24

References

https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13 https://github.com/pallets/werkzeug/releases/tag/3.1.4 https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2

Patch

https://werkzeug.palletsprojects.com/en/stable/installation/