Lucene search

CVE-2023-23934 Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass

🗓️ 14 Feb 2023 19:22:56Reported by GitHub_MType

Incorrect parsing of nameless cookies in Werkzeug librar

Reporter	Title	Published	Views	Family All 74
Veracode	Authorization Bypass	16 Feb 202307:44	–	veracode
RedhatCVE	CVE-2023-23934	16 Feb 202300:29	–	redhatcve
Tenable Nessus	Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-149)	4 Apr 202300:00	–	nessus
Tenable Nessus	Debian dla-3346 : python-werkzeug - security update	27 Feb 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : python-werkzeug (EulerOS-SA-2023-2167)	9 Jun 202300:00	–	nessus
Tenable Nessus	RHEL 9 : Red Hat OpenStack Platform 17.0 (python-werkzeug) (RHSA-2023:1018)	28 Apr 202400:00	–	nessus
Tenable Nessus	Oracle Linux 8 : python-werkzeug (ELSA-2023-12709)	15 Aug 202300:00	–	nessus
Tenable Nessus	Fedora 38 : mingw-python-werkzeug (2023-8d94dccc7e)	11 Mar 202300:00	–	nessus
Tenable Nessus	Ubuntu 23.04 : Werkzeug vulnerabilities (USN-5948-2)	20 Jun 202300:00	–	nessus
Tenable Nessus	Debian DSA-5470-1 : python-werkzeug - security update	7 Aug 202300:00	–	nessus

[
  {
    "vendor": "pallets",
    "product": "werkzeug",
    "versions": [
      {
        "version": "< 2.2.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/pallets/werkzeug/releases/tag/2.2.3
security	www.security.netapp.com/advisory/ntap-20230818-0003/
github	www.github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
debian	www.debian.org/security/2023/dsa-5470
github	www.github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Feb 2023 19:56Current

5.5Medium risk

Vulners AI Score5.5

CVSS32.6

EPSS0.00133

CWE-20