Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tanc0LXh2eDYtM2dyZ84AAuyq

rdiffweb 2.4.1 vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue.

Permalink: https://github.com/advisories/GHSA-mjw4-xvx6-3grg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tanc0LXh2eDYtM2dyZ84AAuyq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-mjw4-xvx6-3grg, CVE-2022-3174
References: Repository: https://github.com/ikus060/rdiffweb

Affected Packages

pypi:rdiffweb
Dependent packages: 0
Dependent repositories: 3
Downloads: 690 last month
Affected Version Ranges: = 2.4.1
Fixed in: 2.4.2
All affected versions: 2.4.1
All unaffected versions: 0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.5.0, 2.0.2, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9