PyPI: werkzeug

CVE-2020-28724

Safety vulnerability ID: SFTY-20201118-54111

Safety legacy ID: pyup.io-39160

Werkzeug before 0.11.6 includes an open redirect vulnerability via a double slash in the URL. See CVE-2020-28724.

PyPI

NVD

GHSA

Created at: Nov 6, 2025Updated at: Nov 6, 2025

Overview

Open Redirect in werkzeug

Advisory

Werkzeug before 0.11.6 includes an open redirect vulnerability via a double slash in the URL. See CVE-2020-28724.

Affected Package

Affecting werkzeug package, versions

<0.11.6

Also affects

---

How to Fix

Upgrade

werkzeug

0.11.6

or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20201118-54111/CVE-2020-28724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28724
https://github.com/pallets/flask/issues/1639
https://github.com/pallets/werkzeug/issues/822
https://github.com/pallets/werkzeug/pull/890/files
https://nvd.nist.gov/vuln/detail/CVE-2020-28724
https://github.com/pallets/flask/issues/1639
https://github.com/pallets/werkzeug/issues/822
https://github.com/pallets/werkzeug/pull/890/files
https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2020-157.yaml
https://github.com/advisories/GHSA-3p3h-qghp-hvh2

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more