DescriptionA flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a vulnerable or malicious subdomain that sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a vulnerable or malicious subdomain that sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.
Vulmon