CVE-2023-0055 – pyload-ng

Package

Manager: pip
Name: pyload-ng
Vulnerable Version: >=0 <0.5.0b3.dev32

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0009 pctl0.26403

Details

Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.

Metadata

Created: 2023-01-05T00:30:17Z
Modified: 2023-01-11T20:55:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-m3g7-wrrq-v5c8/GHSA-m3g7-wrrq-v5c8.json
CWE IDs: ["CWE-319", "CWE-614"]
Alternative ID: GHSA-m3g7-wrrq-v5c8
Finding: F042
Auto approve: 1