DEBIAN-CVE-2024-34069
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 06 May 2024, 15:15
Last modified:28 Apr 2026, 20:27
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 May 2024, 15:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:27
Last Modified
Vulnerability information updated
Description
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Systems
- debian•python-werkzeug
< 1.0.1+dfsg1-2+deb11u2 | < 2.2.2-3+deb12u1 | < 3.0.3-1 | < 3.0.3-1