Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tM2c3LXdycnEtdjVjOM4AAwv4
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.
Permalink: https://github.com/advisories/GHSA-m3g7-wrrq-v5c8JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tM2c3LXdycnEtdjVjOM4AAwv4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-m3g7-wrrq-v5c8, CVE-2023-0055
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-0055
- https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703
- https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce
- https://github.com/advisories/GHSA-m3g7-wrrq-v5c8
Blast Radius: 0.0
Affected Packages
pypi:pyload-ng
Dependent packages: 0Dependent repositories: 1
Downloads: 1,955 last month
Affected Version Ranges: < 0.5.0b3.dev32
Fixed in: 0.5.0b3.dev32
All affected versions: 0.5.0-a5.dev528, 0.5.0-a5.dev532, 0.5.0-a5.dev535, 0.5.0-a5.dev536, 0.5.0-a5.dev537, 0.5.0-a5.dev539, 0.5.0-a5.dev540, 0.5.0-a5.dev545, 0.5.0-a5.dev562, 0.5.0-a5.dev564, 0.5.0-a5.dev565, 0.5.0-a6.dev570, 0.5.0-a6.dev578, 0.5.0-a6.dev587, 0.5.0-a7.dev596, 0.5.0-a8.dev602, 0.5.0-a9.dev615, 0.5.0-a9.dev629, 0.5.0-a9.dev632, 0.5.0-a9.dev641, 0.5.0-a9.dev643, 0.5.0-a9.dev655, 0.5.0-a9.dev806, 0.5.0-b1.dev1, 0.5.0-b1.dev2, 0.5.0-b1.dev3, 0.5.0-b1.dev4, 0.5.0-b1.dev5, 0.5.0-b2.dev9, 0.5.0-b2.dev10, 0.5.0-b2.dev11, 0.5.0-b2.dev12, 0.5.0-b3.dev13, 0.5.0-b3.dev14, 0.5.0-b3.dev17, 0.5.0-b3.dev18, 0.5.0-b3.dev19, 0.5.0-b3.dev20, 0.5.0-b3.dev21, 0.5.0-b3.dev22, 0.5.0-b3.dev24, 0.5.0-b3.dev26, 0.5.0-b3.dev27, 0.5.0-b3.dev28, 0.5.0-b3.dev29, 0.5.0-b3.dev30, 0.5.0-b3.dev31
All unaffected versions: