Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1tM2c3LXdycnEtdjVjOM4AAwv4

Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.

Permalink: https://github.com/advisories/GHSA-m3g7-wrrq-v5c8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tM2c3LXdycnEtdjVjOM4AAwv4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: almost 2 years ago

CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Percentage: 0.00069
EPSS Percentile: 0.32502

Identifiers: GHSA-m3g7-wrrq-v5c8, CVE-2023-0055
References:

• https://nvd.nist.gov/vuln/detail/CVE-2023-0055
• https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703
• https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce
• https://github.com/advisories/GHSA-m3g7-wrrq-v5c8

Repository: https://github.com/pyload/pyload
Blast Radius: 0.0

Affected Packages