PT-2023-15974 · Pypi · Pyload
Gammac0De · Published 2023-01-04 · Updated 2023-01-11 · CVE-2023-0055
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
pyload/pyload versions prior to 0.5.0b3.dev32
Description
The issue concerns a sensitive cookie that is set in HTTPS sessions without the 'Secure' attribute. This could cause the user agent to send that cookie in plaintext over an HTTP session.
Recommendations
Update versions prior to 0.5.0b3.dev32 to version 0.5.0b3.dev32 to resolve the issue. As a temporary workaround, consider restricting the use of sensitive cookies in HTTPS sessions until the update is applied.
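To confirm the condition before and after updating, the Set-Cookie headers returned over HTTPS can be audited for the missing attribute. The following is an added example, not part of the advisory or of pyLoad's code; the cookie names and header values are constructed samples, and the function names are hypothetical.

```python
"""Audit Set-Cookie header values for cookies issued without 'Secure'."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, {attribute: value}).

    Attribute names are case-insensitive, so they are lowercased.
    The cookie's own name/value pair is kept separate from the
    attributes, so a value such as 'theme=secure' is never mistaken
    for the Secure flag.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cookies_missing_secure(set_cookie_headers, sensitive_names=None):
    """Return the names of cookies that were set without 'Secure'.

    sensitive_names: optional set of cookie names to restrict the check
    to (for example the session cookie); None checks every cookie.
    """
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not name:
            continue  # malformed header without a cookie name
        if sensitive_names is not None and name not in sensitive_names:
            continue
        if "secure" not in attrs:
            findings.append(name)
    return findings


# Constructed sample headers (assumed names, not captured from pyLoad).
SAMPLE_BEFORE = ["session=abc123; HttpOnly; Path=/",
                 "theme=secure; Path=/secure"]
SAMPLE_AFTER = ["session=abc123; Secure; HttpOnly; Path=/",
                "theme=dark; Path=/; SECURE"]

if __name__ == "__main__":
    print("before:", cookies_missing_secure(SAMPLE_BEFORE))
    print("after: ", cookies_missing_secure(SAMPLE_AFTER))
```

Pass one list entry per Set-Cookie header line as received from the server, since a single cookie's Expires attribute contains a comma and joined headers cannot be split reliably.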
Cleartext Transmission of Sensitive Information
Affected Products
Pyload