CVE-2019-25091

Опубликовано: 27 дек. 2022

Источник: nvd

CVSS3: 3.7

CVSS3: 5.3

EPSS Низкий

Описание

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.

Ссылки

https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a
Patch
Third Party Advisory
https://github.com/nsupdate-info/nsupdate.info/pull/410
Patch
Third Party Advisory
https://vuldb.com/?ctiid.216909
Third Party Advisory
https://vuldb.com/?id.216909
Third Party Advisory
https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a
Patch
Third Party Advisory
https://github.com/nsupdate-info/nsupdate.info/pull/410
Patch
Third Party Advisory
https://vuldb.com/?ctiid.216909
Third Party Advisory
https://vuldb.com/?id.216909
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nsupdate:nsupdate.info:*:*:*:*:*:*:*:*

Версия до 2019-05-19 (исключая)

EPSS

Процентиль: 48%

0.00253

Низкий

3.7 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-1004

Связанные уязвимости

GHSA-mwvp-qr62-cvjx

CVSS3: 5.3

github

около 3 лет назад

nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag

EPSS

Процентиль: 48%

0.00253

Низкий

3.7 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-1004