PT-2024-25679 · Werkzeug+6

Ry0Tak · Published 2024-05-06 · Updated 2026-01-29 · CVE-2024-34069

CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 3.0.3
Description: The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. The attacker must get the developer to interact with a domain and subdomain they control and to enter the debugger PIN there, and must also guess a URL in the developer's application that triggers the debugger; if all of that succeeds, the attacker gains access to the debugger console even though it is only listening on localhost. Binding to localhost does not help because the requests originate from the developer's own browser: a hostname the attacker controls can resolve to the loopback address, so the browser reaches the local development server while the Host header, and the PIN cookie the debugger sets in response, belong to the attacker's domain.
Recommendations: Update to Werkzeug 3.0.3 or later. Until the update is applied, run the development server without the debugger (debug=False, or use_debugger=False) on any machine that is also used to browse untrusted sites, or otherwise restrict access to the debugger. Never expose the debugger on untrusted or public networks, and keep PIN protection enabled: do not set WERKZEUG_DEBUG_PIN=off, and if you set a custom PIN through that variable, make sure it is not easily guessable.
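The fix in Werkzeug 3.0.3 refuses to serve the debugger unless the request's Host header is on a trusted-hosts list (localhost addresses by default), which is exactly the check that a localhost-bound debugger was missing. The following is an added illustration of that kind of gate, not Werkzeug's own code: `DEFAULT_TRUSTED_HOSTS`, `host_is_trusted`, `DebuggerHostGate`, `demo_app` and `request_status` are names and defaults constructed for this example, and the only Werkzeug detail it relies on is that debugger requests carry the `__debugger__=yes` query parameter.

```python
# Added illustration (not Werkzeug's code): a Host-header gate in front of a
# localhost-bound debugger, in the spirit of the 3.0.3 fix.
from typing import Iterable, Optional
from urllib.parse import parse_qs

# Assumed defaults for this example: localhost and its subdomains, plus the
# loopback IPs. A leading dot means "this host and any subdomain of it".
DEFAULT_TRUSTED_HOSTS = [".localhost", "127.0.0.1", "[::1]"]


def host_is_trusted(host_header: Optional[str], trusted: Iterable[str]) -> bool:
    """Return True when the Host header names a host we consider local.

    The port is stripped, matching is case-insensitive and exact, except that
    a trusted entry with a leading dot also matches subdomains.
    """
    if not host_header:
        return False
    host = host_header.lower().rstrip(".")
    # Strip an optional port: "localhost:5000" -> "localhost", "[::1]:5000" -> "[::1]"
    if host.startswith("["):
        host = host.split("]", 1)[0] + "]"
    elif host.count(":") == 1:
        host = host.rsplit(":", 1)[0]
    for entry in trusted:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


class DebuggerHostGate:
    """WSGI middleware: serve the debugger only to trusted Host headers.

    A request carrying the debugger's ``__debugger__=yes`` query parameter
    from an untrusted Host gets a 403 and never reaches the debugger; every
    other request passes through untouched.
    """

    def __init__(self, app, trusted_hosts: Optional[Iterable[str]] = None):
        self.app = app
        self.trusted_hosts = list(trusted_hosts or DEFAULT_TRUSTED_HOSTS)

    def __call__(self, environ, start_response):
        qs = parse_qs(environ.get("QUERY_STRING", ""))
        wants_debugger = qs.get("__debugger__", [""])[0] == "yes"
        if wants_debugger and not host_is_trusted(environ.get("HTTP_HOST"), self.trusted_hosts):
            body = b"Host is not trusted for the debugger\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    # Stand-in for the debugger-wrapped application (constructed for this example).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"debugger console would be served here\n"]


def request_status(app, host: str, query: str) -> str:
    """Drive a WSGI app with a constructed environ and return its status line."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "QUERY_STRING": query,
               "HTTP_HOST": host, "SERVER_NAME": "127.0.0.1", "SERVER_PORT": "5000",
               "wsgi.url_scheme": "http"}
    list(app(environ, start_response))
    return captured["status"]


if __name__ == "__main__":
    gated = DebuggerHostGate(demo_app)
    # The last host is the attacker pattern: a name they control that the
    # browser resolves to 127.0.0.1, so the connection is local but Host is not.
    for host in ["127.0.0.1:5000", "dev.localhost:5000", "127.0.0.1.attacker.example:5000"]:
        print(host, request_status(gated, host, "__debugger__=yes&cmd=pinauth&pin=123-456-789"))
```

The point of the gate is that the TCP connection in all three cases comes from the loopback interface; only the Host header distinguishes the developer typing `127.0.0.1:5000` from the developer's browser being steered to an attacker-controlled name that resolves to the same address. Checking the bind address alone, which is all the pre-3.0.3 debugger did, cannot tell them apart.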

Exploit · Fix · CSRF

Weakness Enumeration

Related Identifiers

ALT-PU-2025-3304
AZL-40372
AZL-40466
BDU:2025-03918
CVE-2024-34069
DLA-4062-1
GHSA-2G68-C3QC-8985
MGASA-2024-0234
OESA-2025-1997
OESA-2025-1998
OESA-2025-2060
OPENSUSE-SU-2024:14042-1
OPENSUSE-SU-2024_1591-1
OPENSUSE-SU-2024_1608-1
OPENSUSE-SU-2024_1624-1
RHSA-2024:10696
RHSA-2024:5810
RHSA-2024:6016
RHSA-2024:9975
RHSA-2024:9976
RHSA-2025:4664
SUSE-SU-2024:1572-1
SUSE-SU-2024:1591-1
SUSE-SU-2024:1591-2
SUSE-SU-2024:1608-1
SUSE-SU-2024:1624-1
SUSE-SU-2024:1624-2
SUSE-SU-2024_1572-1
SUSE-SU-2024_1591-1
SUSE-SU-2024_1608-1
SUSE-SU-2024_1624-1
SUSE-SU-2024_1624-2
USN-6799-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Os
Suse
Ubuntu
Werkzeug