PYSEC-2024-168

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/taipy/PYSEC-2024-168.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2024-168
Aliases
Published
2024-10-09T19:15:14Z
Modified
2025-01-18T19:56:53.685943Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions, session cookies are served without the Secure and HttpOnly flags. This issue has been addressed in release version 4.0.0, and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

PyPI / taipy

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.0.0

Affected versions

1.*

1.0.0
1.1.0

2.*

2.0.0
2.1.0
2.2.0
2.3.0
2.3.1
2.4.0

3.*

3.0.0
3.1.0
3.1.1