Werkzeug WSGI Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2024-49766 - Vulnerability Database

Severity: Medium
Reference: CVE-2024-49766
Title: Werkzeug WSGI Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.
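
A defensive check that does not depend on os.path.isabs(), for applications that cannot upgrade immediately. This is an added example, not Werkzeug's patch or code from this entry; the function names (is_unsafe_component, guarded_join) and the base directory C:\app\static are assumptions made for illustration. It uses ntpath so the Windows path rules apply on any operating system.

```python
import ntpath  # Windows path semantics, importable on any OS


def is_unsafe_component(part: str) -> bool:
    """Reject untrusted input without relying on os.path.isabs()."""
    p = part.replace("/", "\\")
    if p.startswith("\\"):
        # Rooted (\dir) or UNC/device (\\server\share, \\?\...).
        return True
    if p[1:2] == ":":
        # Drive-qualified (D:\dir or D:dir).
        return True
    # Any parent-directory segment.
    return ".." in p.split("\\")


def guarded_join(base: str, untrusted: str):
    """Return a path under base, or None if the input is rejected."""
    if not untrusted or "\x00" in untrusted or is_unsafe_component(untrusted):
        return None
    root = ntpath.normpath(base)
    candidate = ntpath.normpath(ntpath.join(root, untrusted))
    # Defence in depth: the result must still sit under base.
    if not candidate.lower().startswith(root.lower() + "\\"):
        return None
    return candidate


# Constructed sample inputs; C:\app\static is an assumed base directory.
SAMPLES = ["css/site.css", "//server/share", r"\\server\share\f", "../x", "D:/x"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", guarded_join(r"C:\app\static", s))
```

The string checks run before any join, so the result is the same on every Python version; upgrading to Werkzeug 3.0.6 remains the fix named in this entry.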