Fluid Attacks Database

Description

Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	pyload-ng	>=0 <0.5.0b3.dev32	0.5.0b3.dev32

Aliases

1. CVE-2023-00552. NVD-2023-00553. OSV-2023-00554. GCVE-2023-0055

References

1. https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc37217032. https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.