CVE-2023-23934
low-risk
Published 2023-02-14
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`, i.e. with the name `__Host-test` and the value `bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key, so the `__Host-` prefix no longer guarantees the cookie was set by the application's own origin. The issue is fixed in Werkzeug 2.2.3.
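The parsing defect described above, as an added example (this is not Werkzeug's own code; the name/value grammar is a simplified model of the bug, and the sample header is constructed). The vulnerable variant requires at least one name character, so a regex search skips past the leading `=` of a nameless cookie and returns the attacker's text as the cookie name, colliding with the legitimate `__Host-test` cookie. The hardened variant accepts an empty name, so the nameless pair is parsed as `("", "__Host-test=bad")` and dropped. A small helper also surfaces nameless cookies for logging while an upgrade is pending.

```python
import re
from typing import Dict, Iterator, List, Tuple

# Constructed Cookie header (illustrative, not captured traffic): a legitimate
# __Host- cookie set by this origin, plus a nameless cookie that a sibling
# subdomain planted through a browser that accepts "=value" cookies.
SAMPLE_HEADER = '__Host-test=good; =__Host-test=bad; theme=dark'

# Grammar modelled on the defect the advisory describes (assumption: the real
# Werkzeug pattern is more involved).  A name is a run of non-separator,
# non-whitespace characters; a value is a quoted string or anything up to the
# next ";".  Requiring at least one name character ("+") is the bug: search()
# skips the leading "=" and latches on to "__Host-test=bad".
_NAME_REQUIRED = re.compile(
    r'\s*(?P<name>[^=;\s]+)(?:\s*=\s*(?P<value>"(?:[^\\"]|\\.)*"|[^;]*))?\s*;'
)

# Hardened grammar: an empty name is allowed ("*"), so "=__Host-test=bad" is
# consumed as a single nameless pair and its value is never re-split.
_NAME_OPTIONAL = re.compile(
    r'\s*(?P<name>[^=;\s]*)(?:\s*=\s*(?P<value>"(?:[^\\"]|\\.)*"|[^;]*))?\s*;'
)


def _pairs(header: str, pattern: "re.Pattern[str]") -> Iterator[Tuple[str, str]]:
    """Walk the header left to right, yielding (name, value) per match.

    A trailing ";" is appended so the last pair matches like the others.
    Quoted values only lose their surrounding quotes (no backslash unescaping).
    Every match consumes at least one ";", so the loop always terminates.
    """
    text = header + ";"
    i = 0
    while i < len(text):
        m = pattern.search(text, i)
        if m is None:
            break
        name = m.group("name").strip()
        value = m.group("value") or ""
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        i = m.end()
        yield name, value


def parse_cookie_vulnerable(header: str) -> Dict[str, List[str]]:
    """Pre-2.2.3-style behaviour: the leading "=" is skipped, so the attacker's
    text comes back as a cookie *name* and collides with the genuine one."""
    out: Dict[str, List[str]] = {}
    for name, value in _pairs(header, _NAME_REQUIRED):
        out.setdefault(name, []).append(value)
    return out


def parse_cookie_fixed(header: str) -> Dict[str, List[str]]:
    """Hardened behaviour: a nameless cookie parses with name "" and is
    ignored, so "__Host-test" only ever carries the value this origin set."""
    out: Dict[str, List[str]] = {}
    for name, value in _pairs(header, _NAME_OPTIONAL):
        if not name:  # nameless cookie: drop it, never re-parse its value
            continue
        out.setdefault(name, []).append(value)
    return out


def nameless_cookies(header: str) -> List[str]:
    """Detection helper: raw values of any nameless cookies in the header,
    for logging or alerting while an upgrade to >= 2.2.3 is pending."""
    return [v for n, v in _pairs(header, _NAME_OPTIONAL) if not n]


if __name__ == "__main__":
    print("vulnerable:", parse_cookie_vulnerable(SAMPLE_HEADER))
    print("fixed:     ", parse_cookie_fixed(SAMPLE_HEADER))
    print("nameless:  ", nameless_cookies(SAMPLE_HEADER))
```

To check a deployed version directly, call the real `werkzeug.http.parse_cookie("=__Host-test=bad")` on the installed package: a release before 2.2.3 returns a `__Host-test` entry, 2.2.3 and later return none.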
Do I need to act?
EPSS score: 0.27% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown on this page; check vendor advisories for fix availability and mitigation guidance (the description above states the issue is fixed in Werkzeug 2.2.3)
CVSS 2.6/10 (Low); attack vector: adjacent network; attack complexity: high
Affected Products (1)
Affected Vendors
References (10)
Release Notes
https://github.com/pallets/werkzeug/releases/tag/2.2.3
Risk score: 13 / 100 (low-risk)
Severity: 7/34 · Low
Exploitability: 1/34 · Minimal
Exposure: 5/34 · Minimal