OESA-2025-2060

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2060

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-2060.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-2060

Upstream

CVE-2024-34069

Published

2025-08-22T11:36:35Z

Modified

2025-08-22T12:16:00.275871Z

Summary

python-werkzeug security update

Details

A comprehensive WSGI web application library

Security Fix(es):

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.(CVE-2024-34069)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / python-werkzeug

Package

Name: python-werkzeug
Purl: pkg:rpm/openEuler/python-werkzeug&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1-3.oe2003sp4

Ecosystem specific

{
    "src": [
        "python-werkzeug-1.0.1-3.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "python2-werkzeug-1.0.1-3.oe2003sp4.noarch.rpm",
        "python3-werkzeug-1.0.1-3.oe2003sp4.noarch.rpm",
        "python3-werkzeug-doc-1.0.1-3.oe2003sp4.noarch.rpm"
    ]
}