← voltar
CVE-2018-1000814

CVE-2018-1000814

EPSS 1.0%
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/aio-libs/aiohttp-session/issues/325https://github.com/aio-libs/aiohttp-session/pull/331