GHSA-gq9m-qvpx-68hc

Source
https://github.com/advisories/GHSA-gq9m-qvpx-68hc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-gq9m-qvpx-68hc/GHSA-gq9m-qvpx-68hc.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-gq9m-qvpx-68hc
Aliases
Published
2019-08-21T16:15:24Z
Modified
2024-11-19T18:23:22.638704Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Pallets Werkzeug Insufficient Entropy
Details

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

Database specific
{
    "nvd_published_at": "2019-08-09T15:15:00Z",
    "cwe_ids": [
        "CWE-331"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2019-08-21T16:01:59Z"
}
References

Affected packages

PyPI / werkzeug

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.15.3

Affected versions

0.*

0.1
0.2
0.3
0.3.1
0.4
0.4.1
0.5
0.5.1
0.6
0.6.1
0.6.2
0.7
0.7.1
0.7.2
0.8
0.8.1
0.8.2
0.8.3
0.9
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.10
0.10.1
0.10.2
0.10.3
0.10.4
0.11
0.11.1
0.11.2
0.11.3
0.11.4
0.11.5
0.11.6
0.11.7
0.11.8
0.11.9
0.11.10
0.11.11
0.11.12
0.11.13
0.11.14
0.11.15
0.12
0.12.1
0.12.2
0.13
0.14
0.14.1
0.15.0
0.15.1
0.15.2