Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value under the valid cookie key. The `__Host-` prefix exists so that an application can trust that such a cookie was set by its own host over HTTPS; the parser bug defeats that guarantee, because the forged value arrives under the trusted name without the browser ever having accepted a `__Host-` cookie from the attacker. The issue is fixed in Werkzeug 2.2.3.
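The following is an added example written for this page, not Werkzeug's own code. It models the described pre-2.2.3 behaviour with a small regex-driven scanner (a non-empty key group combined with `search()`, which lets the engine skip past a leading `=` until it finds something that looks like a key) and sets it beside a hardened parser that splits on the first `=` and drops nameless cookies. The sample `Cookie` headers are constructed for the demonstration; the quoted-value handling is a simplification and the scanner only claims to reproduce the advisory's case of a header that begins with the nameless cookie.

```python
from __future__ import annotations

import re

# Constructed sample Cookie headers for the demonstration (not captured traffic).
NAMELESS_ONLY = b"=__Host-test=bad"
NAMELESS_FIRST = b"=__Host-test=bad; session=abc"
WELL_FORMED = b"session=abc; theme=dark"

# Scanner written for this page to reproduce the behaviour the advisory
# describes. It is NOT Werkzeug's code. Two properties combine to cause the
# bug: the key group requires at least one character, and the pattern is
# applied with search(), which is free to skip past a leading "=" until it
# finds something that does look like a key.
_SCANNER = re.compile(
    rb"""
    (?P<key>[^=;]+)                     # key must be non-empty
    (?:\s*=\s*
        (?P<val>"(?:[^\\"]|\\.)*"|.*?)  # quoted or bare value
    )?
    \s*;
    """,
    re.VERBOSE,
)


def parse_cookie_vulnerable(header: bytes) -> dict[str, str]:
    """Parse a Cookie header the way the pre-2.2.3 behaviour is described."""
    pairs: dict[str, str] = {}
    buf = header + b";"
    i = 0
    while i < len(buf):
        m = _SCANNER.search(buf, i)  # search(), not match(): skips the "="
        if not m:
            break
        key = m.group("key").strip().decode("utf-8", "replace")
        val = (m.group("val") or b"").decode("utf-8", "replace")
        i = m.end()
        if key:
            pairs.setdefault(key, val)  # first occurrence wins
    return pairs


def parse_cookie_hardened(header: bytes) -> dict[str, str]:
    """Split on ';' and take the name as everything before the FIRST '='.

    A nameless cookie therefore yields an empty name and is dropped instead of
    being re-read as name=value. Quoted values containing ';' are not handled
    here; that is a deliberate simplification for the demonstration.
    """
    pairs: dict[str, str] = {}
    for chunk in header.decode("utf-8", "replace").split(";"):
        name, _, value = chunk.partition("=")
        name = name.strip()
        if not name:
            continue  # nameless cookie: never let it masquerade as a real one
        pairs.setdefault(name, value.strip())
    return pairs


def forged_host_cookies(header: bytes) -> list[str]:
    """Names the vulnerable parser accepts that the hardened parser rejects.

    A __Host- cookie is supposed to originate from the application's own host
    over HTTPS; any name in this list reached the application through a
    nameless cookie instead, so the application must not trust it.
    """
    vuln = parse_cookie_vulnerable(header)
    safe = parse_cookie_hardened(header)
    return [k for k in vuln if k.startswith("__Host-") and k not in safe]


if __name__ == "__main__":
    for hdr in (NAMELESS_ONLY, NAMELESS_FIRST, WELL_FORMED):
        print(hdr.decode(), "->", parse_cookie_vulnerable(hdr), "|",
              parse_cookie_hardened(hdr), "| forged:", forged_host_cookies(hdr))
```

The fix is not about rejecting `__Host-` values but about never letting a cookie with an empty name be re-interpreted as one with a name; an application that relies on `__Host-` semantics should upgrade to Werkzeug 2.2.3 or later (or the patched Ubuntu packages listed below) rather than filter header values itself. To confirm what is installed, `python -c "import werkzeug; print(werkzeug.__version__)"`.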
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.10.4+dfsg1-1ubuntu1.2+esm1", "binary_name": "python-werkzeug" }, { "binary_version": "0.10.4+dfsg1-1ubuntu1.2+esm1", "binary_name": "python-werkzeug-doc" }, { "binary_version": "0.10.4+dfsg1-1ubuntu1.2+esm1", "binary_name": "python3-werkzeug" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.14.1+dfsg1-1ubuntu0.2", "binary_name": "python-werkzeug" }, { "binary_version": "0.14.1+dfsg1-1ubuntu0.2", "binary_name": "python-werkzeug-doc" }, { "binary_version": "0.14.1+dfsg1-1ubuntu0.2", "binary_name": "python3-werkzeug" } ] }