Updated python-werkzeug packages fix security vulnerability
Publication date: 03 Jan 2018Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-10516
Description
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message (CVE-2016-10516).
References
SRPMS
6/core
- python-werkzeug-0.11.3-1.1.mga6
5/core
- python-werkzeug-0.9.4-7.1.mga5