aiohttp_session is vulnerable to session fixation attacks. A malicious user with access to a valid cookie can inject the cookie into another user’s browser to gain control of that user’s session.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | aiohttp-session | le | 2.3.0 |
| | aiohttp-session | le | 0.8.0 |