Home > Vulnerability Database > CVE-2024-34069

Mend.io Vulnerability Database

CVE-2024-34069

Good to know:

Date: May 6, 2024

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

Language: Python

Severity Score

7.5

Related Resources (11)

Url: https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ

Url: https://security.netapp.com/advisory/ntap-20240614-0004

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34069

Url: https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR

Url: https://security.netapp.com/advisory/ntap-20240614-0004/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/

Url: https://github.com/pallets/werkzeug

Url: https://www.mend.io/vulnerability-database/CVE-2024-34069

Severity Score

7.5

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version Werkzeug - 3.0.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34069

Good to know:

Date: May 6, 2024

Language: Python

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?