CVE-2023-23934 – werkzeug

Package

Manager: pip
Name: werkzeug
Vulnerable Version: >=0 <2.2.3

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00268 pctl0.50023

Details

Incorrect parsing of nameless cookies leads to __Host- cookies bypass Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug <= 2.2.2 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.

Metadata

Created: 2023-02-15T15:37:03Z
Modified: 2024-11-19T19:04:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-px8h-6qxv-m22q/GHSA-px8h-6qxv-m22q.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-px8h-6qxv-m22q
Finding: F184
Auto approve: 1