143 matches found
Fedora 43 : curl (2026-d0bcb866d0)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d0bcb866d0 advisory. - fix Out of bounds read for cookie path CVE-2025-9086 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...
CVE-2026-47069
CVE-2026-47069 describes a CRLF Injection in the Hackney library. The vulnerability arises from hackney_cookie:setcookie/3: Name/Value are checked for CRLF, but the domain and path options are concatenated into the output iolist without validation. An attacker controlling either option (e.g., Hos...
CVE-2026-47069 CRLF injection in cookie domain/path options in hackney
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...
CVE-2026-47069 CRLF injection in cookie domain/path options in hackney
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...
EEF-CVE-2026-47069 CRLF injection in cookie domain/path options in hackney
Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the doma...
PT-2026-43066
Name of the Vulnerable Software and Affected Versions hackney versions 0.9.0 through 4.0.0 Description Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Response Splitting. The setcookie/3 function in src/hackney cookie.erl validates Name and Value arguments...
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...
GHSA-FQWM-6JPJ-5WXC Tornado has cookie attribute injection via .RequestHandler.set_cookie
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...
Exposure of Resource to Wrong Sphere
Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access ...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access to user sessions by capturing valid session tokens through co-hosted applications operating under t...
Exposure of Resource to Wrong Sphere
Overview apache-airflow-providers-keycloak is a Provider package apache-airflow-providers-keycloak for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthoriz...
Exposure of Resource to Wrong Sphere
Overview apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements apache-airflow-providers-amazon package Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain...
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...
GHSA-4FHM-P86V-HWPX Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...
EUVD-2026-12558
Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...
PYSEC-2026-16
Apache Airflow versions 3.1.0 through 3.1.7session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl.This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...
CVE-2026-28779
Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...