CVE-2024-34069

Name: CVE-2024-34069
Creator: NVD / NIST
Published: 2024-05-06T15:15:23.99+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 3.40%

Last modified Jun 17, 2026

CVE-2024-34069 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. EPSS estimates a 3.40% chance of exploitation in the next 30 days.

Description

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

3.40%

87.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Palletsprojects	Werkzeug	< 3.0.3
Debian	Debian Linux	11.0
Fedoraproject	Fedora	38
Fedoraproject	Fedora	40

References

https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692Patch
https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20240614-0004/Third Party Advisory
https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692Patch
https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/02/msg00026.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20240614-0004/Third Party Advisory

Timeline

Published: May 6, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-34069?

How severe is CVE-2024-34069?

CVE-2024-34069 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 3.40% probability of exploitation in the next 30 days.

How do I fix CVE-2024-34069?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-34069?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST