MEDIUM 5.3

GHSA-m3g7-wrrq-v5c8

Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Details

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pyload-ng

Introduced in: 0 Fixed in: 0.5.0b3.dev32

Fix pip install --upgrade 'pyload-ng>=0.5.0b3.dev32'

References

https://nvd.nist.gov/vuln/detail/CVE-2023-0055 [ADVISORY]
https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703 [WEB]
https://github.com/pyload/pyload [PACKAGE]
https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce [WEB]