From 964fb1bb99cf96ce7e1566c6071355d3b14ebc81 Mon Sep 17 00:00:00 2001
From: Lev Pachmanov <31389480+levpachmanov@users.noreply.github.com>
Date: Tue, 28 Apr 2026 15:22:02 +0300
Subject: [PATCH] Improve GHSA-q34m-jh98-gwm2

---
 .../GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json  | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json b/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json
index b04ca540e9cda..ea8898ba7db9a 100644
--- a/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json
+++ b/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q34m-jh98-gwm2",
-  "modified": "2025-01-03T12:30:30Z",
+  "modified": "2025-01-03T12:31:32Z",
   "published": "2024-10-25T19:44:43Z",
   "aliases": [
     "CVE-2024-49767"
@@ -9,10 +9,6 @@
   "summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
   "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
@@ -22,24 +18,21 @@
     {
       "package": {
         "ecosystem": "PyPI",
-        "name": "Werkzeug"
+        "name": "werkzeug"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "2.0.0"
             },
             {
               "fixed": "3.0.6"
             }
           ]
         }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "<= 3.0.5"
-      }
+      ]
     },
     {
       "package": {