GHSA-gq9m-qvpx-68hc

Source

https://github.com/advisories/GHSA-gq9m-qvpx-68hc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-gq9m-qvpx-68hc/GHSA-gq9m-qvpx-68hc.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-gq9m-qvpx-68hc

Aliases

Published

2019-08-21T16:15:24Z

Modified

2024-11-19T18:23:22.638704Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Pallets Werkzeug Insufficient Entropy

Details

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

Database specific

{
    "cwe_ids": [
        "CWE-331"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2019-08-09T15:15:00Z",
    "github_reviewed_at": "2019-08-21T16:01:59Z",
    "severity": "HIGH"
}

References

Affected packages

PyPI / werkzeug

Package

Name: werkzeug; View open source insights on deps.dev
Purl: pkg:pypi/werkzeug

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.15.3

Affected versions

0.*

0.1

0.2

0.3

0.3.1

0.4

0.4.1

0.5

0.5.1

0.6

0.6.1

0.6.2

0.7

0.7.1

0.7.2

0.8

0.8.1

0.8.2

0.8.3

0.9

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.10

0.10.1

0.10.2

0.10.3

0.10.4

0.11

0.11.1

0.11.2

0.11.3

0.11.4

0.11.5

0.11.6

0.11.7

0.11.8

0.11.9

0.11.10

0.11.11

0.11.12

0.11.13

0.11.14

0.11.15

0.12

0.12.1

0.12.2

0.13

0.14

0.14.1

0.15.0

0.15.1

0.15.2