VDB
EN
MEDIUM 5.3

PYSEC-2026-885

nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag

상세

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file `src/nsupdate/settings/base.py` of the component `CSRF Cookie Handler`. The manipulation of the argument `CSRF_COOKIE_HTTPONLY` leads to cookie without `httponly` flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / nsupdate
최초 영향 버전: 0 수정 버전: 0.13.0
수정 pip install --upgrade 'nsupdate>=0.13.0'

참고