GHSA-r3jq-4r5c-j9hp

Source

https://github.com/advisories/GHSA-r3jq-4r5c-j9hp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-r3jq-4r5c-j9hp/GHSA-r3jq-4r5c-j9hp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r3jq-4r5c-j9hp

Aliases

Published

2024-08-27T19:50:59Z

Modified

2025-01-21T18:36:26.573615Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

Taipy has a Session Cookie without Secure and HTTPOnly flags

Details

Summary

Session cookie is without Secure and HTTPOnly flags.

Details

Please take a look at this part of code (PoC screenshot) or check code directly (provided in Occurrences section below)

Occurrences: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67

Proposed remediation: add Secure and HTTPOnly flags for cookies.

It could be like this: document.cookie = tprh=${tprh};path=/;Secure;HttpOnly;;

PoC

Screenshot:

Impact

Secure: This flag indicates that the cookie should only be sent over secure HTTPS connections. Without this flag, the cookie will be sent over both HTTP and HTTPS connections, which could expose it to interception or tampering if the connection is not secure. HttpOnly: This flag prevents the cookie from being accessed by client-side JavaScript. It helps mitigate certain types of attacks, such as cross-site scripting (XSS), by preventing malicious scripts from accessing the cookie's value.

References CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute https://cwe.mitre.org/data/definitions/614.html CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag - https://cwe.mitre.org/data/definitions/1004.html OWASP - Secure Cookie Attribute - https://owasp.org/www-community/controls/SecureCookieAttribute Cookie security flags - https://www.invicti.com/learn/cookie-security-flags/ Cookie lack Secure flag - https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag

Other: Title: Encrypting the Web URL: https://www.eff.org/encrypt-the-web

Update (Required advisory information) - added severity, resource: https://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set

Best regards,

Database specific

{
    "github_reviewed_at": "2024-08-27T19:50:59Z",
    "cwe_ids": [
        "CWE-1004",
        "CWE-319",
        "CWE-614"
    ],
    "nvd_published_at": "2024-10-09T19:15:14Z",
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

PyPI / taipy

Package

Name: taipy; View open source insights on deps.dev
Purl: pkg:pypi/taipy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.0

Affected versions

1.*

1.0.0

1.1.0

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.3.1

2.4.0

3.*

3.0.0

3.1.0

3.1.1

Database specific

{
    "last_known_affected_version_range": "<= 3.1.1"
}