How severe is CVE-2023-23934?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2023-23934?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2023-23934 - LOW Severity | CVSS 3.5

Vulnerability Description

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.

Related Vulnerabilities

CVE-2016-1763

LOW

CVSS:3.5(Low)

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a...

CWE-202016

CVE-2016-8535

LOW

CVSS:3.5(Low)

A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CWE-202016

CVE-2016-8651

LOW

CVSS:3.5(Low)

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access t...

CWE-202016

CVE-2017-7517

LOW

CVSS:3.5(Low)

An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject...

CWE-202017

CVE-2019-4271

LOW

CVSS:3.5(Low)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

CWE-202019

CVE-2019-5461

LOW

CVSS:3.5(Low)

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This ...

CWE-202019