2 matches found
CVE-2018-1000519
The CVE-2018-1000519 entry concerns aiohttp-session (aio-libs) with a Session Fixation vulnerability in RedisStorage.load_session, enabling session hijacking. Affected component: RedisStorage in aiohttp-session; vulnerable function: load_session (reference: repository link in initial doc). Exploi...
CVE-2018-1000814
CVE-2018-1000814 affects aiohttp-session versions 2.6.0 and earlier. The vulnerability lies in EncryptedCookieStorage and NaClCookieStorage, allowing non-expiring (infinite) sessions. Exploitation described as recreation of a cookie post-expiry with the same value; no explicit fixes are provided ...