Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.

Affected Packages

PyPI pyload-ng

Affected versions: 0 (fixed in 0.5.0b3.dev32)

Related CVEs

CVE-2023-0055

Key Information

GHSA ID

GHSA-m3g7-wrrq-v5c8

Published

January 5, 2023 12:30 AM

Last Modified

January 11, 2023 8:55 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

pyload-ng

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.