CVE-2023-23934

Aliases:GHSA-px8h-6qxv-m22qPYSEC-2023-57

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2023-23934 DLA-3346-1 DSA-5470-1 RHSA-2023:1018 RHSA-2025:4664 RHSA-2025:9775

Modified

Published: 14 Feb 2023, 19:56

Last modified:10 Mar 2025, 21:11

Vulnerability Summary

Overall Risk (default)

low

14/100

CVSS Score

3.5 LOW

v3.1 (nvd)

EPSS Score

0.27% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Feb 2023, 19:56

Published

Vulnerability first disclosed

10 Mar 2025, 21:11

Last Modified

Vulnerability information updated

Description

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.

CVSS Metrics

v3.1•LOW•Score: 2.6CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
v3.1•LOW•Score: 3.5CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Trends

Current EPSS score: 0.27%• Percentile: 50%

Techniques & Countermeasures

CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

pallets•werkzeug
< 2.2.3
palletsprojects•werkzeug
< 2.2.3
PyPI•werkzeug
< cf275f42acad1b5950c50ffe8ef58fe62cdce028 | < 2.2.3