22 matches found
CVE-2018-1000814
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
EUVD-2018-0002
Malware in sbrugna...
PT-2025-7078 · Unknown +1 · Home Assistant Core +2
Name of the Vulnerable Software and Affected Versions: Home Assistant Core versions prior to 2024.1.6 Description: The issue concerns a potential man-in-the-middle attack due to missing SSL certificate verification in the project codebase and used third-party libraries. In the past,...
GHSA-MR4X-C4V9-X729 aiohttp-session creates non-expiring sessions
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
aiohttp-session creates non-expiring sessions
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
PYSEC-2018-35
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
PYSEC-2018-35
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +65 more potentially affected by CVE-2018-1000814 via aiohttp-session (>=0.8.0 <=2.1.0)
aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000814 Source advisory: OSV:PYSEC-2018-35...
CVE-2018-1000814
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
CVE-2018-1000814
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
Improper access control
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +65 more potentially affected by CVE-2018-1000519 via aiohttp-session (>=0.8.0 <=2.1.0)
aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000519 Source advisory: OSV:GHSA-FPWP-69XV-C67F...
GHSA-FPWP-69XV-C67F aiohttp-session Session Fixation vulnerability
The pypi package aiohttp-session before 2.4.0 contained a Session Fixation vulnerability in loadsession function for RedisStorage that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies ?session=, or meta tags or script tags wi...
aiohttp-session Session Fixation vulnerability
The pypi package aiohttp-session before 2.4.0 contained a Session Fixation vulnerability in loadsession function for RedisStorage that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies ?session=, or meta tags or script tags wi...
aio-libs aiohttp-session session fixation vulnerability
aio-libs aiohttp-session is an application that supports storing user-specific data into session objects. A session fixation vulnerability exists in the 'RedisStorage' function of RedisStorage in aio-libs aiohttp-session. An attacker can exploit this vulnerability to hijack a session with the hel...
CVE-2018-1000519
aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...
CVE-2018-1000519
aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...
Session fixation
aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...
PYSEC-2018-80
aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...
ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +65 more potentially affected by CVE-2018-1000519 via aiohttp-session (>=0.8.0 <=2.1.0)
aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000519 Source advisory: OSV:PYSEC-2018-80...