Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HPalletsprojects Click
APPPalletsprojects< 8.3.3
Related vulnerabilities
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Reques...
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can al...
Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on ...
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a respons...
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form da...