Download
| Alert*
oval:org.secpod.oval:def:19500053
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdom ... oval:org.secpod.oval:def:93365 Several vulnerabilities were discovered in python-werkzeug, a collection of utilities for WSGI applications. CVE-2023-23934 It was discovered that Werkzeug did not properly handle the parsing of nameless cookies which may allow shadowing of other cookies. CVE-2023-25577 It was discovered that Werkze ... oval:org.secpod.oval:def:708259 python-werkzeug: collection of utilities for WSGI applications Details: USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. Original advisory Several security issues were fixed in Werkzeug. oval:org.secpod.oval:def:89495 python-werkzeug: documentation for the werkzeug Python library Several security issues were fixed in Werkzeug. oval:org.secpod.oval:def:708025 python-werkzeug: documentation for the werkzeug Python library Several security issues were fixed in Werkzeug. oval:org.secpod.oval:def:125160 MinGW Windows Python werkzeug library. oval:org.secpod.oval:def:1506849 [0.12.2-4.0.1] - Fix CVE-2023-23934 [Orabug: 35662419] - Fix CVE-2023-25577 [Orabug: 35662419] - enable tests [Orabug: 35662419] oval:org.secpod.oval:def:612606 Several vulnerabilities were discovered in python-werkzeug, a collection of utilities for WSGI applications. CVE-2023-23934 It was discovered that Werkzeug did not properly handle the parsing of nameless cookies which may allow shadowing of other cookies. CVE-2023-25577 It was discovered that Werkze ... |