HIGH 7.5 PyPI
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
GHSA-mjw4-xvx6-3grg · CVE-2022-3174 · PYSEC-2022-271
Published · Modified
Description
rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. As a result, a user's cookies can be sent to the server in an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue.
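A check for the condition described above, as an added example that is not rdiffweb's own code: it reads a response's headers and reports every cookie set without the Secure attribute. The function names, cookie names and sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
from typing import Iterable, List, Set, Tuple


def parse_set_cookie(header_value: str) -> Tuple[str, Set[str]]:
    """Return (cookie name, lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value; it is never an attribute.
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; only the names matter for this check.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_secure(headers: Iterable[Tuple[str, str]]) -> List[str]:
    """Names of cookies set without Secure, given (header name, value) pairs."""
    missing = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample responses; cookie names and values are placeholders.
RESPONSE_WITHOUT_SECURE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=PLACEHOLDER; Path=/; HttpOnly"),
]
RESPONSE_WITH_SECURE = [
    ("Content-Type", "text/html"),
    ("set-cookie", "session_id=PLACEHOLDER; Path=/; HttpOnly; secure"),
]
# The word "secure" in a value or a path must not count as the attribute.
RESPONSE_LOOKALIKE = [
    ("Set-Cookie", "pref=secure; Path=/secure"),
]

if __name__ == "__main__":
    for label, resp in [("without", RESPONSE_WITHOUT_SECURE),
                        ("with", RESPONSE_WITH_SECURE),
                        ("lookalike", RESPONSE_LOOKALIKE)]:
        print(label, cookies_missing_secure(resp))
```

Run it against the headers of a response captured over HTTPS; any name it returns is a cookie the browser is allowed to send over plain HTTP.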
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-3174
- WEB https://github.com/ikus060/rdiffweb/commit/f2de2371c5e13ce1c6fd6f9a1ed3e5d46b93cd7e
- ADVISORY https://github.com/advisories/GHSA-mjw4-xvx6-3grg
- PACKAGE https://github.com/ikus060/rdiffweb
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-271.yaml
- WEB https://huntr.dev/bounties/d8a32bd6-c76d-4140-a5ca-ef368a3058ce