PT-2022-8303 · Unknown · Nsupdate.Info

Published: 2022-12-27 · Updated: 2024-05-17 · CVE-2019-25091

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: nsupdate.info (affected versions not specified)

Description: A problematic vulnerability has been found in nsupdate.info, affecting the CSRF cookie handler component in the file src/nsupdate/settings/base.py. Manipulation of the argument CSRF_COOKIE_HTTPONLY leads to a cookie without the HttpOnly flag. The issue can be initiated remotely.

Recommendations: To fix this issue, apply the patch named 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. As a temporary workaround, consider restricting manipulation of the CSRF_COOKIE_HTTPONLY argument to minimize the risk of exploitation.

Related Identifiers

CVE-2019-25091
GHSA-MWVP-QR62-CVJX

Affected Products

Nsupdate.Info