CVE-2023-0055
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVSS 3.1: 5.3 (MEDIUM)
EPSS: 0.14%
Description
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.
How to fix CVE-2023-0055
To remediate CVE-2023-0055, upgrade the affected package to a fixed version below.
- Upgrade to 0.5.0b3.dev32 or later
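A check to run against response headers after upgrading, given here as an added example (not code from pyload or from this advisory): it lists the cookies an HTTPS response sets without the `Secure` attribute. The host name, cookie names and sample headers are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attrs); attribute names are case-insensitive."""
    pair, *params = value.split(";")
    name = pair.partition("=")[0].strip()
    attrs = {}
    for param in params:
        key, _, val = param.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return name, attrs

def cookies_missing_secure(url, headers):
    """Return names of cookies set by an HTTPS response without the Secure attribute.

    headers: (name, value) pairs, e.g. from http.client.HTTPResponse.getheaders().
    Every cookie is reported; deciding which ones are sensitive is left to the reviewer.
    """
    if urlsplit(url).scheme.lower() != "https":
        return []  # the finding only applies to cookies issued over HTTPS
    missing = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name and "secure" not in attrs:
            missing.append(name)
    return missing

# Constructed sample responses; cookie names and values are hypothetical.
BEFORE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; HttpOnly; Path=/"),
    ("set-cookie", "theme=secure; Path=/"),  # "secure" is the value here, not the attribute
]
AFTER = [
    ("Set-Cookie", "session=abc123; SECURE; HttpOnly; Path=/; SameSite=Lax"),
]

if __name__ == "__main__":
    url = "https://pyload.example:8000/login"  # hypothetical host
    print("before:", cookies_missing_secure(url, BEFORE))
    print("after: ", cookies_missing_secure(url, AFTER))
```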
Is CVE-2023-0055 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.5.0b3.dev32
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |