MEDIUM 5.3
PYSEC-2026-885
nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag
상세
A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file `src/nsupdate/settings/base.py` of the component `CSRF Cookie Handler`. The manipulation of the argument `CSRF_COOKIE_HTTPONLY` leads to cookie without `httponly` flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2019-25091 [ADVISORY]
- https://github.com/nsupdate-info/nsupdate.info/pull/410 [WEB]
- https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a [WEB]
- https://github.com/nsupdate-info/nsupdate.info [PACKAGE]
- https://vuldb.com/?ctiid.216909 [WEB]
- https://vuldb.com/?id.216909 [WEB]
- https://pypi.org/project/nsupdate [PACKAGE]
- https://github.com/advisories/GHSA-mwvp-qr62-cvjx [ADVISORY]