Improve GHSA-q34m-jh98-gwm2

levpachmanov · levpachmanov · commit 964fb1bb99cf · 2026-04-28T15:22:02.000+03:00
diff --git a/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json b/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json
@@ -1,18 +1,14 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q34m-jh98-gwm2",
-  "modified": "2025-01-03T12:30:30Z",
+  "modified": "2025-01-03T12:31:32Z",
   "published": "2024-10-25T19:44:43Z",
   "aliases": [
     "CVE-2024-49767"
   ],
   "summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
   "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
@@ -22,24 +18,21 @@
     {
       "package": {
         "ecosystem": "PyPI",
-        "name": "Werkzeug"
+        "name": "werkzeug"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "2.0.0"
             },
             {
               "fixed": "3.0.6"
             }
           ]
         }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "<= 3.0.5"
-      }
+      ]
     },
     {
       "package": {

Original file line number	Diff line number	Diff line change
`@@ -1,18 +1,14 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-q34m-jh98-gwm2",`
`4`		`- "modified": "2025-01-03T12:30:30Z",`
	`4`	`+ "modified": "2025-01-03T12:31:32Z",`
`5`	`5`	`"published": "2024-10-25T19:44:43Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2024-49767"`
`8`	`8`	`],`
`9`	`9`	`"summary": "Werkzeug possible resource exhaustion when parsing file data in forms",`
`10`	`10`	"details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",
`11`	`11`	`"severity": [`
`12`		`- {`
`13`		`- "type": "CVSS_V3",`
`14`		`- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"`
`15`		`- },`
`16`	`12`	`{`
`17`	`13`	`"type": "CVSS_V4",`
`18`	`14`	`"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"`
`@@ -22,24 +18,21 @@`
`22`	`18`	`{`
`23`	`19`	`"package": {`
`24`	`20`	`"ecosystem": "PyPI",`
`25`		`- "name": "Werkzeug"`
	`21`	`+ "name": "werkzeug"`
`26`	`22`	`},`
`27`	`23`	`"ranges": [`
`28`	`24`	`{`
`29`	`25`	`"type": "ECOSYSTEM",`
`30`	`26`	`"events": [`
`31`	`27`	`{`
`32`		`- "introduced": "0"`
	`28`	`+ "introduced": "2.0.0"`
`33`	`29`	`},`
`34`	`30`	`{`
`35`	`31`	`"fixed": "3.0.6"`
`36`	`32`	`}`
`37`	`33`	`]`
`38`	`34`	`}`
`39`		`- ],`
`40`		`- "database_specific": {`
`41`		`- "last_known_affected_version_range": "<= 3.0.5"`
`42`		`- }`
	`35`	`+ ]`
`43`	`36`	`},`
`44`	`37`	`{`
`45`	`38`	`"package": {`