← volver
CVE-2018-1000814

CVE-2018-1000814

EPSS 1.0%
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/aio-libs/aiohttp-session/issues/325https://github.com/aio-libs/aiohttp-session/pull/331