PT-2024-32843 · Taipy · Taipy

Mbiesiad

·

Published

2024-08-27

·

Updated

2024-10-16

·

CVE-2024-47833

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Taipy versions prior to 4.0.0

Description

The issue concerns session cookies being served without Secure and HTTPOnly flags, which could expose them to interception or tampering if the connection is not secure. The HTTPOnly flag prevents the cookie from being accessed by client-side JavaScript, helping to mitigate certain types of attacks, such as cross-site scripting (XSS).

Recommendations

For versions prior to 4.0.0, upgrade to release version 4.0.0 to address the issue. As a temporary workaround, consider adding Secure and HTTPOnly flags for cookies, for example, by setting document.cookie = tprh=${tprh};path=/;Secure;HttpOnly;; to prevent the cookie from being sent over insecure connections and accessed by client-side JavaScript.
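Added example (not code from the advisory or from the Taipy project): because a browser ignores HttpOnly on cookies written through document.cookie, the durable fix is to set both flags on the server's Set-Cookie header, and the helper below builds such a header and audits any Set-Cookie value for missing flags. The cookie name tprh is taken from the advisory; the token value and header samples are constructed.

```python
from http.cookies import SimpleCookie

# Flags this advisory is about; a session cookie should carry both.
REQUIRED_FLAGS = ("secure", "httponly")


def missing_cookie_flags(set_cookie_header: str) -> dict:
    """Parse one Set-Cookie header value and report, per cookie name,
    which of the required flags are absent (empty list = hardened)."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    report = {}
    for name, morsel in jar.items():
        # Morsel flags are True when present, '' when absent.
        report[name] = [flag for flag in REQUIRED_FLAGS if not morsel[flag]]
    return report


def build_session_cookie(name: str, value: str, path: str = "/") -> str:
    """Build a Set-Cookie header value with Path, Secure and HttpOnly set,
    i.e. the server-side form of the advisory's workaround."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = path
    jar[name]["secure"] = True
    jar[name]["httponly"] = True
    return jar[name].OutputString()


# Constructed samples: the weak header mirrors a cookie served without flags,
# the hardened one is what the server should emit instead.
WEAK_HEADER = "tprh=example-session-token; Path=/"
HARDENED_HEADER = build_session_cookie("tprh", "example-session-token")

if __name__ == "__main__":
    print("weak:", missing_cookie_flags(WEAK_HEADER))
    print("hardened:", HARDENED_HEADER, missing_cookie_flags(HARDENED_HEADER))
```

The audit function can be run over Set-Cookie headers captured from a deployment to confirm the upgrade or workaround actually took effect.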

Exploit

Fix

Weakness Enumeration

Incorrect Permission

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2024-47833
GHSA-R3JQ-4R5C-J9HP
PYSEC-2024-168

Affected Products

Taipy