werkzeug is vulnerable to Authorization Bypass. A vulnerable browser may allow a compromised application on an adjacent subdomain to set a cookie like =__Host-test=bad
for another subdomain, when the browser accepts nameless
cookies such as =value
instead of key=value
, resulting in application seeing the bad cookie value but the valid cookie key.