{"uuid": "eb417bd8-ee6e-4407-b78c-40912f545707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23934", "type": "seen", "source": "https://t.me/arpsyndicate/2696", "content": "#ExploitObserverAlert\n\nCVE-2023-23934\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-23934. Werkzeug is a comprehensive WSGI web application library. Browsers may allow \"nameless\" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 1.4\nNVD-ES: 2.1", "creation_timestamp": "2024-01-09T00:30:40.000000Z"}