CVE-2019-14806: Docker this pin would be identical across all containers

August 9, 2019 (updated September 11, 2019)

Pallets Werkzeug, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

References

nvd.nist.gov/vuln/detail/CVE-2019-14806
palletsprojects.com/blog/werkzeug-0-15-3-released/

Detect and mitigate CVE-2019-14806 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →