CVE-2023-0055

MEDIUM5.3EPSS 0.14%

Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

發布日:2023/1/5修改日:2023/11/8

描述

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.

受影響套件(1)

PyPI/pyload-ngfrom 0, < 0.5.0b3.dev32

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-0055
PATCHhttps://github.com/pyload/pyload
WEBhttps://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703
WEBhttps://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce