530 matches found
CVE-2023-0055
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...
PT-2023-15974 · Pypi · Pyload
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev32 Description: The issue concerns a sensitive cookie in HTTPS sessions without the 'Secure' attribute set. This could cause the user agent to send those cookies in plaintext over an HTTP session...
CVE-2023-0055 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in pyload/pyload
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...
CVE-2023-0055
CVE-2023-0055 affects the pyload/pyload project prior to version 0.5.0b3.dev32. The issue is leaking cookies in HTTPS sessions because the Secure attribute is not set on sensitive cookies, potentially allowing plaintext transmission. A fix is available in version 0.5.0b3.dev32. No exploitation de...
CVE-2023-0055 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in pyload/pyload
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...
pyload 安全漏洞
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible, and fully manageable over the Web. pyload is a free and open source download manager written in Python. A security vulnerability exists in versions prior to pyload...
PT-2023-8312 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyload versions prior to 0.5.0b3.dev33 Description: The issue is related to improper restriction of rendered UI layers or frames in the pyload software, which can be exploited by a remote attacker to conduct a clickjacking attack. This allows...
CVE-2023-0055 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in pyload/pyload
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...
Inefficient Regular Expression Complexity in pyload/pyload
✍️ Description The pyload package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted HTML comments as input to the comments function of utils/web/purge.py may cause an application to consume an excessive amount of CPU. Below pinned line using...