A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a | Patch Third Party Advisory |
https://github.com/nsupdate-info/nsupdate.info/pull/410 | Patch Third Party Advisory |
https://vuldb.com/?ctiid.216909 | Third Party Advisory |
https://vuldb.com/?id.216909 | Third Party Advisory |
Configurations
History
29 Feb 2024, 01:25
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jan 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Nsupdate
Nsupdate nsupdate.info |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:nsupdate:nsupdate.info:*:*:*:*:*:*:*:* | |
References | (MISC) https://vuldb.com/?ctiid.216909 - Third Party Advisory | |
References | (MISC) https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a - Patch, Third Party Advisory | |
References | (MISC) https://vuldb.com/?id.216909 - Third Party Advisory | |
References | (MISC) https://github.com/nsupdate-info/nsupdate.info/pull/410 - Patch, Third Party Advisory |
27 Dec 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-27 23:15
Updated : 2024-05-17 01:36
NVD link : CVE-2019-25091
Mitre link : CVE-2019-25091
CVE.ORG link : CVE-2019-25091
JSON object : View
Products Affected
nsupdate
- nsupdate.info
CWE
CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag