—

PYSEC-2022-282

Details

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / octoprint

Introduced in: 0 Fixed in: 40e6217ac1a85cc5ed592873ae49db01d3005da4

Fix pip install --upgrade 'octoprint>=40e6217ac1a85cc5ed592873ae49db01d3005da4'

References

https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4 [FIX]
https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629 [WEB]
https://github.com/advisories/GHSA-937f-qh3w-6g87 [ADVISORY]