[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-34069":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":60,"duplicate_of":9,"upstream":62,"downstream":63,"duplicates":100,"related":101,"reserved_at":9,"published_at":126,"modified_at":127,"state":128,"summary":129,"references_raw":136,"kevs":192,"epss":193,"epss_history":196,"metrics":440,"affected":450},"CVE-2024-34069","Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-352","Cross-Site Request Forgery (CSRF)","The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.","weakness","Stable","Compound","Medium",[20,24,28,32],{"id":21,"name":22,"techniques":23},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":25,"name":26,"techniques":27},"CAPEC-462","Cross-Domain Search Timing",[],{"id":29,"name":30,"techniques":31},"CAPEC-467","Cross Site Identification",[],{"id":33,"name":34,"techniques":35},"CAPEC-62","Cross Site Request Forgery",[],[37],{"_key":38,"name":39,"source":40,"url":41,"maturity":42,"reliability_score":43,"verified":44,"type":45,"platforms":46,"requires_auth":47,"exploitdb":9,"metasploit":48},"MSF_EXPLOIT_MULTI_HTTP_WERKZEUG_DEBUG_RCE","Pallete Projects Werkzeug Debugger Remote Code Execution","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/multi/http/werkzeug_debug_rce.rb","weaponized",0.6666666666666666,true,"remote",[],false,{"fullname":49,"rank":50,"rank_name":51,"post_auth":47,"check":44,"notes":52},"exploit/multi/http/werkzeug_debug_rce",400,"good",{"Stability":53,"SideEffects":55,"Reliability":58},[54],"crash-safe",[56,57],"ioc-in-logs","account-lockouts",[59],"repeatable-session",[61],"GHSA-2g68-c3qc-8985",[],[64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98],{"_key":65},"SUSE-SU-2024:1572-1",{"_key":67},"SUSE-SU-2024:1591-2",{"_key":69},"SUSE-SU-2024:1624-2",{"_key":71},"UBUNTU-CVE-2024-34069",{"_key":73},"SUSE-SU-2024:1591-1",{"_key":75},"SUSE-SU-2024:1608-1",{"_key":77},"SUSE-SU-2024:1624-1",{"_key":79},"OPENSUSE-SU-2024:14042-1",{"_key":81},"DLA-4062-1",{"_key":83},"MGASA-2024-0234",{"_key":85},"DEBIAN-CVE-2024-34069",{"_key":87},"USN-6799-1",{"_key":89},"RHSA-2024:10696",{"_key":91},"RHSA-2024:5810",{"_key":93},"RHSA-2024:6016",{"_key":95},"RHSA-2024:9975",{"_key":97},"RHSA-2024:9976",{"_key":99},"RHSA-2025:4664",[],[102,103,104,105,106,107,108,109,110,112,114,116,118,120,122,124],{"_key":65},{"_key":67},{"_key":69},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":83},{"_key":111},"CGA-3R85-33VP-G92X",{"_key":113},"CGA-4J52-QRXR-72WJ",{"_key":115},"CGA-4R26-C6GV-P26Q",{"_key":117},"CGA-GCV3-M4W5-HFR2",{"_key":119},"CGA-MMV2-Q2VV-5J43",{"_key":121},"CGA-V7PM-FGRF-J9WG",{"_key":123},"CGA-X38F-2X56-R747",{"_key":125},"CGA-JV2V-W8C5-PW44","2024-05-06T14:44:38.780Z","2025-02-21T18:03:28.226Z","Analyzed",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":130,"epss_score":131,"severity":130,"severity_score":132,"severity_version":133,"severity_source":134,"severity_vector":135,"severity_status":128},"high",0.4365,7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",[137,146,152,158,162,166,170,175,180,184,188],{"url":138,"sources":139,"tags":142},"https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985",[134,140,141],"nvd","osv_pypi",[143,144,145],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":147,"sources":148,"tags":149},"https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692",[134,140,141],[150,151,145],"X Refsource MISC","Patch",{"url":153,"sources":154,"tags":155},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/",[134,140],[156,157],"Mailing List","Third Party Advisory",{"url":159,"sources":160,"tags":161},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/",[134,140],[156,157],{"url":163,"sources":164,"tags":165},"https://security.netapp.com/advisory/ntap-20240614-0004/",[134,140],[157],{"url":167,"sources":168,"tags":169},"https://lists.debian.org/debian-lts-announce/2025/02/msg00026.html",[134,140,141],[156,157,145],{"url":171,"sources":172,"tags":173},"https://nvd.nist.gov/vuln/detail/CVE-2024-34069",[141],[174],"Advisory",{"url":176,"sources":177,"tags":178},"https://github.com/pallets/werkzeug",[141],[179],"PACKAGE",{"url":181,"sources":182,"tags":183},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR",[141],[145],{"url":185,"sources":186,"tags":187},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ",[141],[145],{"url":189,"sources":190,"tags":191},"https://security.netapp.com/advisory/ntap-20240614-0004",[141],[145],[],{"date":194,"score":131,"percentile":195},"2026-06-04",0.97588,[197,201,203,206,209,212,214,217,219,222,224,226,228,230,232,236,239,242,246,248,251,254,257,260,262,264,267,270,273,276,278,282,285,287,289,291,294,298,301,304,307,310,312,315,318,321,324,326,328,330,332,334,337,340,344,348,351,353,356,359,362,365,368,371,374,376,379,382,385,387,389,392,395,397,400,403,405,408,410,412,415,418,420,423,426,428,431,433,435,437],{"date":198,"score":199,"percentile":200},"2025-11-04",0.40316,0.97171,{"date":202,"score":199,"percentile":200},"2025-11-05",{"date":204,"score":199,"percentile":205},"2025-11-06",0.97172,{"date":207,"score":199,"percentile":208},"2025-11-07",0.97175,{"date":210,"score":199,"percentile":211},"2025-11-08",0.97174,{"date":213,"score":199,"percentile":211},"2025-11-09",{"date":215,"score":199,"percentile":216},"2025-11-10",0.97173,{"date":218,"score":199,"percentile":216},"2025-11-11",{"date":220,"score":199,"percentile":221},"2025-11-12",0.97176,{"date":223,"score":199,"percentile":221},"2025-11-13",{"date":225,"score":199,"percentile":221},"2025-11-14",{"date":227,"score":199,"percentile":211},"2025-11-15",{"date":229,"score":199,"percentile":221},"2025-11-16",{"date":231,"score":199,"percentile":221},"2025-11-17",{"date":233,"score":234,"percentile":235},"2025-11-18",0.62195,0.98334,{"date":237,"score":234,"percentile":238},"2025-11-19",0.98335,{"date":240,"score":234,"percentile":241},"2025-11-20",0.98337,{"date":243,"score":244,"percentile":245},"2025-11-21",0.40903,0.97208,{"date":247,"score":244,"percentile":245},"2025-11-22",{"date":249,"score":244,"percentile":250},"2025-11-23",0.97207,{"date":252,"score":244,"percentile":253},"2025-11-24",0.9721,{"date":255,"score":244,"percentile":256},"2025-11-25",0.97212,{"date":258,"score":244,"percentile":259},"2025-11-26",0.97211,{"date":261,"score":244,"percentile":256},"2025-11-27",{"date":263,"score":244,"percentile":259},"2025-11-28",{"date":265,"score":199,"percentile":266},"2025-11-29",0.97179,{"date":268,"score":199,"percentile":269},"2025-11-30",0.97177,{"date":271,"score":199,"percentile":272},"2025-12-01",0.97201,{"date":274,"score":199,"percentile":275},"2025-12-02",0.97202,{"date":277,"score":199,"percentile":275},"2025-12-03",{"date":279,"score":280,"percentile":281},"2025-12-04",0.36749,0.96959,{"date":283,"score":280,"percentile":284},"2025-12-05",0.96961,{"date":286,"score":280,"percentile":284},"2025-12-06",{"date":288,"score":280,"percentile":284},"2025-12-07",{"date":290,"score":280,"percentile":284},"2025-12-08",{"date":292,"score":280,"percentile":293},"2025-12-09",0.96962,{"date":295,"score":296,"percentile":297},"2025-12-10",0.41935,0.97275,{"date":299,"score":296,"percentile":300},"2025-12-11",0.97277,{"date":302,"score":296,"percentile":303},"2025-12-12",0.97279,{"date":305,"score":296,"percentile":306},"2025-12-13",0.9728,{"date":308,"score":296,"percentile":309},"2025-12-14",0.97278,{"date":311,"score":296,"percentile":306},"2025-12-15",{"date":313,"score":296,"percentile":314},"2025-12-16",0.97283,{"date":316,"score":296,"percentile":317},"2025-12-17",0.97285,{"date":319,"score":296,"percentile":320},"2025-12-18",0.97286,{"date":322,"score":296,"percentile":323},"2025-12-19",0.97287,{"date":325,"score":296,"percentile":317},"2025-12-20",{"date":327,"score":296,"percentile":314},"2025-12-21",{"date":329,"score":296,"percentile":314},"2025-12-22",{"date":331,"score":296,"percentile":317},"2025-12-23",{"date":333,"score":296,"percentile":320},"2025-12-24",{"date":335,"score":296,"percentile":336},"2025-12-25",0.97288,{"date":338,"score":296,"percentile":339},"2025-12-26",0.9729,{"date":341,"score":342,"percentile":343},"2025-12-27",0.35039,0.96901,{"date":345,"score":346,"percentile":347},"2025-12-28",0.4017,0.97193,{"date":349,"score":346,"percentile":350},"2025-12-29",0.97195,{"date":352,"score":346,"percentile":350},"2025-12-30",{"date":354,"score":346,"percentile":355},"2025-12-31",0.97199,{"date":357,"score":346,"percentile":358},"2026-01-01",0.97226,{"date":360,"score":296,"percentile":361},"2026-01-02",0.9732,{"date":363,"score":296,"percentile":364},"2026-01-03",0.97319,{"date":366,"score":296,"percentile":367},"2026-01-04",0.97297,{"date":369,"score":296,"percentile":370},"2026-01-05",0.97298,{"date":372,"score":296,"percentile":373},"2026-01-06",0.973,{"date":375,"score":296,"percentile":373},"2026-01-07",{"date":377,"score":296,"percentile":378},"2026-01-08",0.97302,{"date":380,"score":296,"percentile":381},"2026-01-09",0.97304,{"date":383,"score":296,"percentile":384},"2026-01-10",0.97305,{"date":386,"score":296,"percentile":381},"2026-01-11",{"date":388,"score":296,"percentile":384},"2026-01-12",{"date":390,"score":296,"percentile":391},"2026-01-13",0.97307,{"date":393,"score":296,"percentile":394},"2026-01-14",0.97311,{"date":396,"score":296,"percentile":394},"2026-01-15",{"date":398,"score":296,"percentile":399},"2026-01-16",0.97313,{"date":401,"score":296,"percentile":402},"2026-01-17",0.97314,{"date":404,"score":296,"percentile":394},"2026-01-18",{"date":406,"score":296,"percentile":407},"2026-01-19",0.97312,{"date":409,"score":296,"percentile":399},"2026-01-20",{"date":411,"score":296,"percentile":402},"2026-01-21",{"date":413,"score":296,"percentile":414},"2026-01-22",0.97315,{"date":416,"score":296,"percentile":417},"2026-01-23",0.97318,{"date":419,"score":296,"percentile":364},"2026-01-24",{"date":421,"score":296,"percentile":422},"2026-01-25",0.97321,{"date":424,"score":296,"percentile":425},"2026-01-26",0.97322,{"date":427,"score":296,"percentile":425},"2026-01-27",{"date":429,"score":296,"percentile":430},"2026-01-28",0.97323,{"date":432,"score":296,"percentile":430},"2026-01-29",{"date":434,"score":296,"percentile":425},"2026-01-30",{"date":436,"score":296,"percentile":430},"2026-01-31",{"date":438,"score":296,"percentile":439},"2026-02-01",0.97344,[441,446,448],{"source":134,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":9},{"baseScore":132,"baseSeverity":443,"vectorString":135,"impactScore":444,"exploitabilityScore":445},"HIGH",9.8,4.1,{"source":140,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":447,"cvss_v4_0":9},{"baseScore":132,"baseSeverity":443,"vectorString":135,"impactScore":444,"exploitabilityScore":445},{"source":141,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":449,"cvss_v4_0":9},{"baseScore":132,"baseSeverity":9,"vectorString":135,"impactScore":444,"exploitabilityScore":445},[451,460,468,477,482],{"ecosystem":9,"name":452,"vendor":453,"product":454,"cpe_part":455,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":456},"debian linux","debian","debian_linux","o",[457],{"version":458,"is_range":47,"range_type":459,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0","cpe",{"ecosystem":9,"name":461,"vendor":462,"product":461,"cpe_part":455,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":463},"fedora","fedoraproject",[464,466],{"version":465,"is_range":47,"range_type":459,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"38",{"version":467,"is_range":47,"range_type":459,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"40",{"ecosystem":9,"name":469,"vendor":470,"product":469,"cpe_part":471,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"werkzeug","pallets","a",[473],{"version":474,"is_range":44,"range_type":134,"version_start":9,"version_start_type":9,"version_end":475,"version_end_type":476,"fixed_in":9},"\u003C 3.0.3","3.0.3","excluding",{"ecosystem":9,"name":469,"vendor":478,"product":469,"cpe_part":471,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":479},"palletsprojects",[480],{"version":481,"is_range":44,"range_type":459,"version_start":9,"version_start_type":9,"version_end":475,"version_end_type":476,"fixed_in":9},"lt3.0.3",{"ecosystem":483,"name":469,"vendor":483,"product":469,"cpe_part":9,"purl_type":484,"purl_namespace":9,"purl_name":469,"source":9,"versions":485},"PyPI","pypi",[486],{"version":487,"is_range":44,"range_type":488,"version_start":9,"version_start_type":9,"version_end":475,"version_end_type":476,"fixed_in":9},"lt3_0_3","ecosystem"]