CVE-2023-23934 — Improper Input Validation in Werkzeug

CWE-20 — Improper Input Validation11 documents8 sources

Severity

3.5LOWNVD

CNA2.6

EPSS

0.3%

top 49.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pallets Werkzeug Palletsprojects Werkzeug

Timeline

PublishedFeb 14

Latest updateJun 20

Description

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie usi…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5pallets/werkzeug< 2.2.3

▶NVDpalletsprojects/werkzeug< 2.2.3

▶PyPIpalletsprojects/werkzeug< 2.2.3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

python-werkzeug vulnerabilities↗2023-03-13

▶

OSV

Incorrect parsing of nameless cookies leads to __Host- cookies bypass↗2023-02-15

▶

GHSA

Incorrect parsing of nameless cookies leads to __Host- cookies bypass↗2023-02-15

▶

OSV

CVE-2023-23934: Werkzeug is a comprehensive WSGI web application library↗2023-02-14

▶

CVEList

Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass↗2023-02-14

▶

📋Vendor Advisories

Ubuntu

Werkzeug vulnerabilities↗2023-06-20

▶

Ubuntu

Werkzeug vulnerabilities↗2023-03-13

▶

Microsoft

Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass↗2023-02-14

▶

Red Hat

python-werkzeug: cookie prefixed with = can shadow unprefixed cookie↗2023-02-14

▶

Debian

CVE-2023-23934: python-werkzeug - Werkzeug is a comprehensive WSGI web application library. Browsers may allow "na...↗2023

▶