CVE-2023-23934
February 14, 2023
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like "=value" instead of "key=value". A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like "=__Host-test=bad" for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie "=__Host-test=bad" as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
Affected Packages
werkzeug (CONDA):
Affected version(s) >=2.1.2 <2.2.3Fix Suggestion:
Update to version 2.2.3werkzeug (CONDA):
Affected version(s) >=0.8.3 <2.1.1Fix Suggestion:
Update to version 2.1.1LostTech.TensorBoard.Python.runtime.win-x64 (NUGET):
Affected version(s) >=2.10.0-CI-2022-08-28-14 <=2.10.0-CI-2022-08-28-15Fix Suggestion:
Update to version no_fixWerkzeug (PYTHON):
Affected version(s) >=0.1 <2.2.3Fix Suggestion:
Update to version 2.2.3Related ResourcesĀ (10)
Do you need more information?
Contact UsCVSS v4
Base Score:
2.1
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
2.6
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Improper Input Validation
EPSS
Base Score:
0.23
