Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Werkzeug debugger vulnerability, update to 3.0.3 #148

Open
warownia1 opened this issue Oct 24, 2024 · 0 comments
Open

Werkzeug debugger vulnerability, update to 3.0.3 #148

warownia1 opened this issue Oct 24, 2024 · 0 comments
Labels
issue pri:med v0.8.5 Featues and bugs that will go into the 0.8.5 release

Comments

@warownia1
Copy link
Collaborator

https://osv.dev/vulnerability/GHSA-2g68-c3qc-8985

The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger.
@warownia1 warownia1 added issue pri:med v0.8.5 Featues and bugs that will go into the 0.8.5 release labels Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue pri:med v0.8.5 Featues and bugs that will go into the 0.8.5 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@warownia1