MEDIUM 5.3

GHSA-m3g7-wrrq-v5c8

Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

상세

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / pyload-ng

최초 영향 버전: 0 수정 버전: 0.5.0b3.dev32

수정 pip install --upgrade 'pyload-ng>=0.5.0b3.dev32'

참고

https://nvd.nist.gov/vuln/detail/CVE-2023-0055 [ADVISORY]
https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703 [WEB]
https://github.com/pyload/pyload [PACKAGE]
https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce [WEB]