PyPI: werkzeug
CVE-2024-49766
Safety vulnerability ID: SFTY-20241025-87783
Safety legacy ID: pyup.io-73969
Affected versions of Werkzeug are vulnerable to Path Traversal (CWE-22) on Windows systems running Python versions below 3.11. The safe_join() function relied solely on os.path.isabs() to decide whether a supplied path was absolute, and on those systems ntpath.isabs() behaves differently, so certain absolute paths were not detected. An attacker could therefore pass a specially crafted path starting with "/" to safe_join() and reach files outside the intended directory. To remediate, upgrade to the latest version, which adds further path validation checks. NOTE: only Windows systems running Python versions below 3.11, where ntpath.isabs() behavior differs, are affected.
Overview
Werkzeug safe_join not safe on Windows
Advisory
How to Fix
Mitigation and Workarounds
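The advisory notes that safe_join() relied solely on os.path.isabs(), whose Windows result depends on the Python version. The check below is an added example, not Werkzeug's own code: it tests the string itself for a leading "/" or a drive prefix, so the result is the same on every platform and Python version. The exact set of rejected separators and the drive-letter rule are assumptions made here, not copied from the project.

```python
import posixpath
from typing import Optional

# Separators that must never appear in a user-supplied segment. The backslash
# is rejected on every platform so behaviour does not depend on where the code
# runs (assumption: stricter than relying on os.sep / os.altsep).
_FORBIDDEN_SEPARATORS = ("\\",)


def is_rooted(filename: str) -> bool:
    """True if filename is absolute and would escape the base directory.

    Done on the string rather than via os.path.isabs(): a leading "/" (which
    also covers "//server/share" forms) and a drive prefix such as "C:" are
    both treated as rooted, regardless of platform or Python version.
    """
    if filename.startswith("/"):
        return True
    # "C:foo" or "C:/foo": a drive letter followed by a colon (assumed rule).
    if len(filename) >= 2 and filename[1] == ":" and filename[0].isalpha():
        return True
    return False


def safe_join(directory: str, *pathnames: str) -> Optional[str]:
    """Join untrusted segments under directory, or return None if unsafe."""
    if not directory:
        directory = "."
    parts = [directory]
    for filename in pathnames:
        if filename != "":
            # Normalise first so "a/../../x" is already collapsed to "../x".
            filename = posixpath.normpath(filename)
        if (
            any(sep in filename for sep in _FORBIDDEN_SEPARATORS)
            or is_rooted(filename)
            or filename == ".."
            or filename.startswith("../")
        ):
            return None
        parts.append(filename)
    return posixpath.join(*parts)
```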
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20241025-87783/CVE-2024-49766
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49766
- https://github.com/advisories/GHSA-f9vj-2wh5-fj8j
- https://github.com/pallets/werkzeug/commit/2767bcb10a7dd1c297d812cc5e6d11a474c1f092
- https://github.com/pallets/werkzeug/security/advisories/GHSA-f9vj-2wh5-fj8j
- https://nvd.nist.gov/vuln/detail/CVE-2024-49766
- https://github.com/pallets/werkzeug/releases/tag/3.0.6
- https://security.netapp.com/advisory/ntap-20250131-0005
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
