PYSEC-2018-80
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/aiohttp-session/PYSEC-2018-80.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2018-80
- Aliases
-
- CVE-2018-1000519
- GHSA-fpwp-69xv-c67f
- Published
- 2018-06-26T16:29:00Z
- Modified
- 2023-11-08T03:59:38.712396Z
- Summary
- [none]
- Details
-
aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).
- References
Affected packages
PyPI / aiohttp-session
Package
- Name
- aiohttp-session
- View open source insights on deps.dev
- Purl
- pkg:pypi/aiohttp-session