GHSA-mwvp-qr62-cvjx

GitHub Security Advisory

nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

A vulnerability classified as problematic has been found in nsupdate.info. It affects an unknown part of the file `src/nsupdate/settings/base.py` of the component `CSRF Cookie Handler`. Manipulating the argument `CSRF_COOKIE_HTTPONLY` leads to a sensitive cookie being set without the `HttpOnly` flag. The attack can be initiated remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. Applying the patch is recommended to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.
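One way to check a deployment for this weakness, as an added example that is not code from nsupdate.info or from the advisory: a static audit of a Django settings module for `CSRF_COOKIE_HTTPONLY`, plus a check of a `Set-Cookie` header value. The function names, the sample settings text and the cookie values are constructed for illustration.

```python
import ast

SETTING = "CSRF_COOKIE_HTTPONLY"  # Django's built-in default for this is False

def audit_settings(source: str) -> str:
    """Classify a settings module: 'ok', 'disabled', 'missing' or 'dynamic'."""
    verdict = "missing"  # no assignment means the False default applies
    for node in ast.parse(source).body:  # module-level statements only
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if not any(isinstance(t, ast.Name) and t.id == SETTING for t in targets):
            continue
        # A later assignment overrides an earlier one, as it would at import.
        if isinstance(value, ast.Constant) and isinstance(value.value, bool):
            verdict = "ok" if value.value else "disabled"
        else:
            verdict = "dynamic"  # computed value: needs a runtime check
    return verdict

def cookie_is_httponly(set_cookie: str) -> bool:
    """True if a Set-Cookie header value carries the HttpOnly attribute."""
    attrs = [part.strip().lower() for part in set_cookie.split(";")[1:]]
    return "httponly" in attrs

# Constructed samples, not taken from the nsupdate.info repository.
SAMPLES = {
    "explicit_false": 'DEBUG = False\nCSRF_COOKIE_HTTPONLY = False\n',
    "explicit_true": 'CSRF_COOKIE_HTTPONLY = True\n',
    "unset": 'DEBUG = False\n',
    "from_env": 'import os\nCSRF_COOKIE_HTTPONLY = os.environ.get("H") == "1"\n',
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:15} {audit_settings(src)}")
    print(cookie_is_httponly("csrftoken=abc123; Path=/; SameSite=Lax"))
    print(cookie_is_httponly("csrftoken=abc123; HttpOnly; Path=/"))
```

A `missing` or `disabled` verdict means the CSRF cookie will be sent without `HttpOnly`; a `dynamic` verdict has to be confirmed against the headers the running site actually returns.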

Affected Packages

PyPI nsupdate
Affected versions: 0 (last affected: 0.12.0)

Key Information

GHSA ID: GHSA-mwvp-qr62-cvjx
Published: December 28, 2022 12:30 AM
Last Modified: January 9, 2023 9:51 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: PyPI
Primary Package: nsupdate
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.