How severe is GHSA-vg9h-jx4v-cwx2?

No CVSS score has been assigned to GHSA-vg9h-jx4v-cwx2 yet. Review the advisory details and affected package list to assess your exposure.

Which packages are affected by GHSA-vg9h-jx4v-cwx2?

GHSA-vg9h-jx4v-cwx2 affects the following packages: dfir-unfurl (PyPI). Ecosystems affected: PyPI.

How do I fix GHSA-vg9h-jx4v-cwx2?

No patched version of dfir-unfurl has shipped for GHSA-vg9h-jx4v-cwx2 yet. Where your build allows, override or pin the dependency away from the vulnerable range, and apply any maintainer-recommended mitigation.

How do I detect GHSA-vg9h-jx4v-cwx2 in my PyPI dependencies?

Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for dfir-unfurl. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

How do I mitigate GHSA-vg9h-jx4v-cwx2 if there is no patch (or I can't update yet)?

If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

How does O3 Security protect against GHSA-vg9h-jx4v-cwx2?

O3 pinpoints whether GHSA-vg9h-jx4v-cwx2 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Is GHSA-vg9h-jx4v-cwx2 actively exploited in the wild?

No public exploit code has been indexed for GHSA-vg9h-jx4v-cwx2 yet. This does not mean the vulnerability cannot be exploited — absence of public exploits does not imply safety. Apply the recommended fix and use O3 Security to monitor your exposure.

When was GHSA-vg9h-jx4v-cwx2 published, and has it been updated?

GHSA-vg9h-jx4v-cwx2 was published on January 29, 2026 and was last updated on February 3, 2026. Advisory data evolves as severity scores, affected ranges, and exploit intelligence are revised — always check the latest version of the advisory before acting.

🐍 PyPI

GHSA-vg9h-jx4v-cwx2

Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)

Published

Jan 29, 2026

Updated

Feb 3, 2026

Affected

1 pkg

Patched

None yet

Exploits

None indexed

Blast Radius

1 pkg affected

🐍dfir-unfurl

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects PyPI packages — download data is not available via public APIs for these ecosystems.

Description

Summary

The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.run(debug=...), so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default.

Details

unfurl/app.py:web_app() reads debug via config['UNFURL_APP'].get('debug'), which returns a string.
UnfurlApp.__init__ passes that string directly to app.run(debug=unfurl_debug, ...).
If unfurl.ini omits debug, the default argument is the string "True".
As a result, debug mode is effectively always on and cannot be reliably disabled via config.

PoC

Create a local unfurl.ini with debug = False under [UNFURL_APP].
Run the server using unfurl_app (or python -c 'from unfurl.app import web_app; web_app()').
Observe server logs showing Debug mode: on / Debugger is active!.
The included PoC script security_poc/poc_debug_mode.py --spawn automates this check.

PoC Script (inline)

#!/usr/bin/env python3
"""
Unfurl Debug Mode PoC (Corrected)
================================

This PoC demonstrates that Unfurl's Flask debug mode is effectively
**always enabled by default** due to string parsing of the `debug`
config value. Even `debug = False` in `unfurl.ini` evaluates truthy
when passed to `app.run(debug=...)`.

Two modes:
1) --spawn (default): launch a local Unfurl server with debug=False
   in a temp config and inspect logs for "Debug mode: on".
2) --target: attempt a remote indicator check (best-effort; may be silent
   if no exception is triggered).
"""

import argparse
import os
import subprocess
import sys
import tempfile
import textwrap
import time


def run_spawn_check() -> None:
    repo_root = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))

    ini_contents = textwrap.dedent("""
    [UNFURL_APP]
    host = 127.0.0.1
    port = 5055
    debug = False
    remote_lookups = false

    [API_KEYS]
    bitly =
    macaddress_io =
    """).strip() + "\n"

    with tempfile.TemporaryDirectory() as tmp:
        ini_path = os.path.join(tmp, 'unfurl.ini')
        with open(ini_path, 'w') as f:
            f.write(ini_contents)

        env = os.environ.copy()
        env['PYTHONPATH'] = repo_root

        cmd = [sys.executable, '-c', 'from unfurl.app import web_app; web_app()']
        proc = subprocess.Popen(
            cmd,
            cwd=tmp,
            env=env,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            text=True
        )

        # Allow server to start and emit logs
        time.sleep(2)
        proc.terminate()
        try:
            out, err = proc.communicate(timeout=2)
        except subprocess.TimeoutExpired:
            proc.kill()
            out, err = proc.communicate()

        output = (out or "") + (err or "")

    print("\n[+] Debug mode spawn check")
    print("    Config: debug = False")

    if "Debug mode: on" in output or "Debugger is active" in output:
        print("    ✅ Debug mode is ON despite debug=False (vulnerable)")
    else:
        print("    ⚠️  Debug mode not detected in logs (check output below)")

    if output.strip():
        print("\n--- server output (truncated) ---")
        print("\n".join(output.splitlines()[:15]))
        print("--- end ---")


def run_remote_probe(target: str) -> None:
    import requests

    print("\n[+] Remote debug indicator probe (best-effort)")
    print(f"    Target: {target}")

    # This app does not easily throw exceptions from user input, so
    # absence of indicators does NOT prove debug is off.
    probe_urls = [
        f"{target.rstrip('/')}/__nonexistent__",
    ]

    detected = False
    for url in probe_urls:
        try:
            resp = requests.get(url, timeout=10)
            if "Werkzeug Debugger" in resp.text or "Traceback" in resp.text:
                detected = True
                print("    ✅ Debug indicators found")
                break
        except Exception as e:
            print(f"    ⚠️  Probe failed: {e}")

    if not detected:
        print("    ⚠️  No debug indicators found (this is not definitive)")


def main():
    parser = argparse.ArgumentParser(description='Unfurl debug mode PoC (corrected)')
    parser.add_argument('--spawn', action='store_true', help='Run local spawn check (default)')
    parser.add_argument('--target', help='Target Unfurl URL for remote probe')
    args = parser.parse_args()

    if args.target:
        run_remote_probe(args.target)
    else:
        run_spawn_check()


if __name__ == '__main__':
    main()

Impact

If the service is exposed beyond localhost (bound to 0.0.0.0 or reverse-proxied), an attacker can access the Werkzeug debugger. This can disclose sensitive information and may allow remote code execution if a debugger PIN is obtained. At minimum, stack traces and environment details are exposed on errors.

Affected Packages

1 total

Ecosystem	Package	Vulnerable range	Fix
🐍PyPI	`dfir-unfurl`	all versions	No fix

Detection & mitigation playbook

Open-source dependency

Detect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for dfir-unfurl. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Remediation status
No patched version of dfir-unfurl has shipped for GHSA-vg9h-jx4v-cwx2 yet. Where your build allows, override or pin the dependency away from the vulnerable range, and apply any maintainer-recommended mitigation.
Mitigate without a patch
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-vg9h-jx4v-cwx2 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-vg9h-jx4v-cwx2. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary The Unfurl web app enables Flask debug mode even when configuration sets `debug = False`. The config value is read as a string and passed directly to `app.run(debug=...)`, so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. ### Details - `unfurl/app.py:web_app()` reads `debug` via `config['UNFURL_APP'].get('debug')`, which returns a string. - `UnfurlApp.__init__` passes that string directly to `app.run(debug=unfurl_debug, ...)`. - If `unfurl.ini` omits `debug`, the default argument is the string `"True"`. - As a result, debug mode is effe

O3 Security · Impact-Aware SCA

Is GHSA-vg9h-jx4v-cwx2 in your dependencies?

O3 detects GHSA-vg9h-jx4v-cwx2 across PyPI dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works