PT-2023-15974 · Pypi · Pyload

Gammac0De · Published 2023-01-04 · Updated 2023-01-11 · CVE-2023-0055

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev32

Description: The issue concerns a sensitive cookie in HTTPS sessions without the 'Secure' attribute set. This could cause the user agent to send those cookies in plaintext over an HTTP session.

Recommendations: For versions prior to 0.5.0b3.dev32, update to version 0.5.0b3.dev32 to resolve the issue. As a temporary workaround, consider restricting the use of sensitive cookies in HTTPS sessions until the update is applied.
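
To confirm the behaviour before and after updating, the `Set-Cookie` headers returned over HTTPS can be audited for the `Secure` attribute. The following is an added example, not code from pyLoad or from this advisory; the cookie name `session` and all header values are constructed assumptions.

```python
# Added example: flag sensitive cookies whose Set-Cookie header lacks "Secure".
# The cookie name "session" and the sample headers are constructed, not pyLoad's.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attribute_lowercase: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_secure(set_cookie_headers, sensitive_names):
    """Return the names of sensitive cookies set without the Secure attribute."""
    findings = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        # Only attributes count: "Secure" inside the cookie value is ignored.
        if name in sensitive_names and "secure" not in attrs:
            findings.append(name)
    return findings


# Constructed response headers: the value contains the text "Secure", which a
# naive substring search would wrongly accept as the attribute.
SAMPLE_BEFORE = [
    "session=Secure-looking.constructed; HttpOnly; Path=/; SameSite=Lax",
    "theme=dark; Path=/",
]
# Constructed headers with the attribute present (written in lowercase).
SAMPLE_AFTER = [
    "session=Secure-looking.constructed; secure; HttpOnly; Path=/; SameSite=Lax",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    print("before:", cookies_missing_secure(SAMPLE_BEFORE, {"session"}))
    print("after: ", cookies_missing_secure(SAMPLE_AFTER, {"session"}))
```
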

Exploit

Fix

Cleartext Transmission of Sensitive Information


Weakness Enumeration

Related identifiers

CVE-2023-0055
GHSA-M3G7-WRRQ-V5C8

Affected products

Pyload