← back
CVE-2018-1000814

CVE-2018-1000814

EPSS 1.0%
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/aio-libs/aiohttp-session/issues/325https://github.com/aio-libs/aiohttp-session/pull/331