Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stems from improper cookie parsing logic shown in the diff:

- The regex pattern for cookie keys was changed from `[^=;]+` to `[^=;]*`, allowing empty keys.
- The `_cookie_parse_impl` function processed these empty keys without proper validation.
- The patch added an `if not key: continue` check to skip empty keys after stripping.
- The CWE-20 mapping confirms this is an input validation issue in cookie parsing.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Werkzeug | pip | < 2.2.3 | 2.2.3 |
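The following is an added, constructed illustration of the parsing detail described above; it is not Werkzeug's code. The `parse_cookie` and `compare_variants` helpers and the simplified regex are assumptions made for this example (Werkzeug's real parser also handles quoting and other cases). It runs the same header, whose first cookie has an empty name, through three variants: the `[^=;]+` pattern, which cannot match an empty name and therefore skips past the leading `=` and records `foo` as a cookie name; the `[^=;]*` pattern without the guard, which stores an entry under the empty name; and the `[^=;]*` pattern with the patch's `if not key: continue` guard, which drops the empty-name cookie after stripping.

```python
import re
from typing import Dict

# Constructed, simplified Cookie-header parser for illustration only. It is
# NOT Werkzeug's real implementation (which also handles quoting and other
# details); it isolates the two points the advisory describes: the key
# pattern and the "skip empty keys after stripping" guard.

KEY_PATTERN_PLUS = r"[^=;]+"   # pattern before the change: name needs >= 1 char
KEY_PATTERN_STAR = r"[^=;]*"   # pattern after the change: name may be empty


def parse_cookie(header: str, key_pattern: str, skip_empty: bool) -> Dict[str, str]:
    """Parse a Cookie header value into a {name: value} dict.

    key_pattern: regex for the cookie name (KEY_PATTERN_PLUS or KEY_PATTERN_STAR).
    skip_empty:  True applies the patch's `if not key: continue` guard.
    """
    cookie_re = re.compile(
        r"(?P<key>" + key_pattern + r")"  # cookie name
        r"(?:=(?P<val>[^;]*))?"           # optional "=value", up to the next ';'
        r"\s*;?\s*"                       # separator / trailing whitespace
    )
    result: Dict[str, str] = {}
    for match in cookie_re.finditer(header):
        if match.start() == match.end():
            continue  # zero-width match at end of input; nothing to record
        key = match.group("key").strip()
        if skip_empty and not key:
            # The patch's guard: a cookie whose name is empty after stripping
            # is dropped rather than stored under an empty name.
            continue
        result[key] = (match.group("val") or "").strip()
    return result


def compare_variants(header: str) -> Dict[str, Dict[str, str]]:
    """Run the same header through the three parser variants."""
    return {
        "plus_no_guard": parse_cookie(header, KEY_PATTERN_PLUS, skip_empty=False),
        "star_no_guard": parse_cookie(header, KEY_PATTERN_STAR, skip_empty=False),
        "star_with_guard": parse_cookie(header, KEY_PATTERN_STAR, skip_empty=True),
    }


if __name__ == "__main__":
    # Constructed sample header whose first cookie has an empty name.
    for name, parsed in compare_variants("=foo=bar; session=abc").items():
        print(f"{name:16s} -> {parsed}")
```

The point for a defender is that the guard makes the server's view of cookie names agree with the client's: a cookie the client sent with no name is discarded, instead of being recorded under a name the client never used.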