aiohttp-apispec (>=0.7.2 <=0.7.6), pygrest (>=1.0.1 <=1.3.0) +1 more potentially affected by CVE-2019-9710 via webargs (>=1.8.1 <=5.1.2)

webargs PYPI version =1.8.1, =0.7.2, =1.0.1, =0.4.0, =0.100.2rc4 Source cves: CVE-2019-9710 Source advisory: OSV:GHSA-8554-JXCW-454Q...

aiohttp-apispec (>=0.7.2 <=0.7.6), pygrest (>=1.0.1 <=1.3.0) +1 more potentially affected by CVE-2019-9710 via webargs (>=1.8.1 <=5.1.2)

webargs PYPI version =1.8.1, =0.7.2, =1.0.1, =0.4.0, =0.100.2rc4 Source cves: CVE-2019-9710 Source advisory: OSV:PYSEC-2019-139...

GHSA-MR4X-C4V9-X729 aiohttp-session creates non-expiring sessions

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

aiohttp-session creates non-expiring sessions

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

PYSEC-2018-35

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

PYSEC-2018-35

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +65 more potentially affected by CVE-2018-1000814 via aiohttp-session (>=0.8.0 <=2.1.0)

aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000814 Source advisory: OSV:PYSEC-2018-35...

CVE-2018-1000814

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

CVE-2018-1000814

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

Improper access control

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

CVE-2018-1000814

CVE-2018-1000814 affects aiohttp-session versions 2.6.0 and earlier. The vulnerability lies in EncryptedCookieStorage and NaClCookieStorage, allowing non-expiring (infinite) sessions. Exploitation described as recreation of a cookie post-expiry with the same value; no explicit fixes are provided ...

ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +65 more potentially affected by CVE-2018-1000519 via aiohttp-session (>=0.8.0 <=2.1.0)

aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000519 Source advisory: OSV:GHSA-FPWP-69XV-C67F...

GHSA-FPWP-69XV-C67F aiohttp-session Session Fixation vulnerability

The pypi package aiohttp-session before 2.4.0 contained a Session Fixation vulnerability in loadsession function for RedisStorage that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies ?session=, or meta tags or script tags wi...

aiohttp-session Session Fixation vulnerability

The pypi package aiohttp-session before 2.4.0 contained a Session Fixation vulnerability in loadsession function for RedisStorage that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies ?session=, or meta tags or script tags wi...

aio-libs aiohttp-session session fixation vulnerability

aio-libs aiohttp-session is an application that supports storing user-specific data into session objects. A session fixation vulnerability exists in the 'RedisStorage' function of RedisStorage in aio-libs aiohttp-session. An attacker can exploit this vulnerability to hijack a session with the hel...

CVE-2018-1000519

aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...

CVE-2018-1000519

aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...

PYSEC-2018-80

aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...

Session fixation

aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...

ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +65 more potentially affected by CVE-2018-1000519 via aiohttp-session (>=0.8.0 <=2.1.0)

aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000519 Source advisory: OSV:PYSEC-2018-80...