High severityNVD Advisory· Published Aug 9, 2019· Updated Aug 5, 2024
CVE-2019-14806
CVE-2019-14806
Description
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
werkzeugPyPI | < 0.15.3 | 0.15.3 |
Affected products
17- Pallets/Werkzeugdescription
- ghsa-coords16 versionspkg:pypi/werkzeugpkg:rpm/opensuse/python-Werkzeug&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/python-Werkzeug&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python-Werkzeug&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-Werkzeug-doc&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/python-Werkzeug-doc&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/python-Werkzeug&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Werkzeug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-Werkzeug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python-Werkzeug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015pkg:rpm/suse/python-Werkzeug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/python-Werkzeug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-Werkzeug&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Werkzeug&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Werkzeug&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-Werkzeug&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0.15.3+ 15 more
- (no CPE)range: < 0.15.3
- (no CPE)range: < 0.12.2-lp150.2.3.1
- (no CPE)range: < 0.14.1-lp151.2.3.1
- (no CPE)range: < 2.0.1-1.2
- (no CPE)range: < 0.12.2-lp150.2.3.1
- (no CPE)range: < 0.14.1-lp151.2.3.1
- (no CPE)range: < 0.12.2-3.3.1
- (no CPE)range: < 0.12.2-3.3.1
- (no CPE)range: < 0.14.1-6.3.1
- (no CPE)range: < 0.12.2-3.3.1
- (no CPE)range: < 0.14.1-6.3.1
- (no CPE)range: < 0.12.2-10.10.1
- (no CPE)range: < 0.12.2-3.3.1
- (no CPE)range: < 0.14.1-3.3.1
- (no CPE)range: < 0.12.2-3.3.1
- (no CPE)range: < 0.14.1-3.3.1
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-gq9m-qvpx-68hcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-14806ghsaADVISORY
- github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.pyghsax_refsource_MISCWEB
- github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yamlghsaWEB
- palletsprojects.com/blog/werkzeug-0-15-3-releasedghsaWEB
- palletsprojects.com/blog/werkzeug-0-15-3-released/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.