Skip to main content

Aiohttp Session

2 CVEs product

Monthly

CVE-2018-1000814 PyPI MEDIUM POC PATCH This Month

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aiohttp Session
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2018-1000519 PyPI MEDIUM POC PATCH This Month

aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Aiohttp Session
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aiohttp Session
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Aiohttp Session
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy