CVE-2024-47833 – taipy
Package
Manager: pip
Name: taipy
Vulnerable Version: >=0 <4.0.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.00035 (percentile 0.0868)
Details
Taipy has a Session Cookie without Secure and HTTPOnly flags

### Summary
The session cookie is set without the Secure and HttpOnly flags.

### Details
See the PoC screenshot, or check the code directly at the location given under Occurrences.

**Occurrences**: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67

**Proposed remediation:** add the Secure and HttpOnly flags to the cookie, for example:

document.cookie = `tprh=${tprh};path=/;Secure;HttpOnly;`;

### PoC
**Screenshot**: (image not preserved)

### Impact
**Secure**: This flag indicates that the cookie should only be sent over secure HTTPS connections. Without this flag, the cookie is sent over both HTTP and HTTPS connections, which exposes it to interception or tampering when the connection is not secure.

**HttpOnly**: This flag prevents the cookie from being accessed by client-side JavaScript. It helps mitigate certain types of attacks, such as cross-site scripting (XSS), by preventing malicious scripts from reading the cookie's value.

**References**
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - https://cwe.mitre.org/data/definitions/614.html
- CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag - https://cwe.mitre.org/data/definitions/1004.html
- OWASP - Secure Cookie Attribute - https://owasp.org/www-community/controls/SecureCookieAttribute
- Cookie security flags - https://www.invicti.com/learn/cookie-security-flags/
- Cookie lack Secure flag - https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag

**Other**:
Title: Encrypting the Web
URL: https://www.eff.org/encrypt-the-web

Update (required advisory information): added severity; resource: https://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set

Best regards,
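The following is an added example written for this record; it is not code from the taipy project or from the advisory's reporter. It audits `Set-Cookie` header values for the two attributes the advisory names (Secure, CWE-614; HttpOnly, CWE-1004) and builds a hardened header value for comparison. One caveat the proposed remediation above does not state: per RFC 6265 section 5.3, a browser ignores a cookie set through the non-HTTP `document.cookie` API when it carries the `HttpOnly` attribute, and any cookie written from script is by construction readable by script. A cookie that must be HttpOnly therefore has to be issued by the server in a `Set-Cookie` response header, which is what `buildSessionCookie` produces. The `SameSite` check goes beyond the advisory and is included as a related hardening step; the cookie name `tprh` comes from the advisory, the value `abc123` and the sample headers are constructed.

```javascript
// Added example (not taipy project code). Node.js, no dependencies.
// Parses and audits Set-Cookie header values for the attributes the
// advisory discusses, and builds a hardened server-side header value.

// Split one Set-Cookie header value into { name, value, attributes }.
// Attribute names are lower-cased because they are case-insensitive.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [nameValue, ...attrParts] = parts;
  const eq = nameValue.indexOf('=');
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq).trim();
  const value = eq === -1 ? '' : nameValue.slice(eq + 1);
  const attributes = {};
  for (const attr of attrParts) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    // Flag attributes (Secure, HttpOnly) have no value; store true for them.
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name, value, attributes };
}

// Report the weaknesses the advisory describes for a single Set-Cookie value.
// Returns { name, findings } where findings is an array of strings.
function auditSetCookie(header) {
  const cookie = parseSetCookie(header);
  const findings = [];
  if (!('secure' in cookie.attributes)) {
    findings.push('CWE-614: missing Secure attribute');
  }
  if (!('httponly' in cookie.attributes)) {
    findings.push('CWE-1004: missing HttpOnly attribute');
  }
  // Beyond the advisory: SameSite limits cross-site sending of the cookie.
  if (!('samesite' in cookie.attributes)) {
    findings.push('missing SameSite attribute');
  }
  return { name: cookie.name, findings };
}

// Build a hardened Set-Cookie header value. This is meant to be emitted by
// the server; HttpOnly cannot be applied from document.cookie in a browser.
function buildSessionCookie(name, value, maxAgeSeconds) {
  let header = `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
  if (Number.isInteger(maxAgeSeconds) && maxAgeSeconds > 0) {
    header += `; Max-Age=${maxAgeSeconds}`;
  }
  return header;
}

// Constructed sample headers: the first mirrors the advisory's finding
// (name and path only), the second is the hardened form.
const SAMPLE_HEADERS = [
  'tprh=abc123;path=/',
  buildSessionCookie('tprh', 'abc123', 3600),
];

// Audit every sample and return the results for inspection.
function auditAll(headers) {
  return headers.map(auditSetCookie);
}

for (const result of auditAll(SAMPLE_HEADERS)) {
  const status = result.findings.length === 0 ? 'OK' : result.findings.join('; ');
  console.log(`${result.name}: ${status}`);
}

module.exports = { parseSetCookie, auditSetCookie, buildSessionCookie, auditAll, SAMPLE_HEADERS };
```

Run with `node audit-cookie.js` against header values captured from your own deployment's responses (for example from the browser's network panel or `curl -I`); any session cookie that reports a finding should be reissued by the server with the missing attributes.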
Metadata
Created: 2024-08-27T19:50:59Z
Modified: 2025-01-21T18:28:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-r3jq-4r5c-j9hp/GHSA-r3jq-4r5c-j9hp.json
CWE IDs: ["CWE-1004", "CWE-319", "CWE-614"]
Alternative ID: GHSA-r3jq-4r5c-j9hp
Finding: F042
Auto approve: 1