exploitDog

GHSA-9f24-x4vj-q8g2

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.

Ссылки

EPSS

Процентиль: 66%

0.00515

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2021-29247

CVSS3: 5.3

nvd

почти 5 лет назад

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.

EPSS

Процентиль: 66%

0.00515

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-200