CVE-2019-25091

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-25091

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25091.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-25091

Aliases

GHSA-mwvp-qr62-cvjx

Published

2022-12-27T23:15:10.263Z

Modified

2025-11-20T11:02:21.274868Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.

References

Affected packages

Git / github.com/nsupdate-info/nsupdate.info

Affected ranges

Type: GIT
Repo: https://github.com/nsupdate-info/nsupdate.info
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

60a3fe559c453bc36b0ec3e5dd39c1303640a59a

Affected versions

0.*

0.12.0

Other

djangodash2013

v0.*

v0.10.0

v0.11.0

v0.2.0b0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0