PYSEC-2024-168
Vulnerability from pysec - Published: 2024-10-09 19:15 - Updated: 2025-01-18 19:19
VLAI?
Details
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
6.5 (Medium)
Impacted products
| Name | purl | taipy | pkg:pypi/taipy |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "taipy",
"purl": "pkg:pypi/taipy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0",
"1.1.0",
"2.0.0",
"2.1.0",
"2.2.0",
"2.3.0",
"2.3.1",
"2.4.0",
"3.0.0",
"3.1.0",
"3.1.1"
]
}
],
"aliases": [
"CVE-2024-47833",
"GHSA-r3jq-4r5c-j9hp"
],
"details": "Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.",
"id": "PYSEC-2024-168",
"modified": "2025-01-18T19:19:07.718423+00:00",
"published": "2024-10-09T19:15:14+00:00",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp"
},
{
"type": "EVIDENCE",
"url": "https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R3JQ-4R5C-J9HP
Vulnerability from github – Published: 2024-08-27 19:50 – Updated: 2025-01-21 18:28
VLAI?
Summary
Taipy has a Session Cookie without Secure and HTTPOnly flags
Details
Summary
Session cookie is without Secure and HTTPOnly flags.
Details
Please take a look at this part of code (PoC screenshot) or check code directly (provided in Occurrences section below)
Occurrences: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67
Proposed remediation: add Secure and HTTPOnly flags for cookies.
It could be like this:
document.cookie = tprh=${tprh};path=/;Secure;HttpOnly;;
PoC
Screenshot:
Impact
Secure: This flag indicates that the cookie should only be sent over secure HTTPS connections. Without this flag, the cookie will be sent over both HTTP and HTTPS connections, which could expose it to interception or tampering if the connection is not secure. HttpOnly: This flag prevents the cookie from being accessed by client-side JavaScript. It helps mitigate certain types of attacks, such as cross-site scripting (XSS), by preventing malicious scripts from accessing the cookie's value.
References CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute https://cwe.mitre.org/data/definitions/614.html CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag - https://cwe.mitre.org/data/definitions/1004.html OWASP - Secure Cookie Attribute - https://owasp.org/www-community/controls/SecureCookieAttribute Cookie security flags - https://www.invicti.com/learn/cookie-security-flags/ Cookie lack Secure flag - https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag
Other: Title: Encrypting the Web URL: https://www.eff.org/encrypt-the-web
Update (Required advisory information) - added severity, resource: https://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set
Best regards,
Severity ?
6.5 (Medium)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.1"
},
"package": {
"ecosystem": "PyPI",
"name": "taipy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47833"
],
"database_specific": {
"cwe_ids": [
"CWE-1004",
"CWE-319",
"CWE-614"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-27T19:50:59Z",
"nvd_published_at": "2024-10-09T19:15:14Z",
"severity": "MODERATE"
},
"details": "### Summary\nSession cookie is without Secure and HTTPOnly flags.\n\n### Details\nPlease take a look at this part of code (PoC screenshot) or check code directly (provided in Occurrences section below)\n\n**Occurrences**:\nhttps://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67\n\n**Proposed remediation:** add Secure and HTTPOnly flags for cookies.\n\nIt could be like this:\ndocument.cookie = `tprh=${tprh};path=/;Secure;HttpOnly;`;\n\n\n### PoC\n**Screenshot**:\n\n\n\n### Impact\n**Secure**: This flag indicates that the cookie should only be sent over secure HTTPS connections. Without this flag, the cookie will be sent over both HTTP and HTTPS connections, which could expose it to interception or tampering if the connection is not secure.\n**HttpOnly:** This flag prevents the cookie from being accessed by client-side JavaScript. It helps mitigate certain types of attacks, such as cross-site scripting (XSS), by preventing malicious scripts from accessing the cookie\u0027s value.\n\n**References**\n CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute https://cwe.mitre.org/data/definitions/614.html\n CWE-1004: Sensitive Cookie Without \u0027HttpOnly\u0027 Flag - https://cwe.mitre.org/data/definitions/1004.html\n OWASP - Secure Cookie Attribute - https://owasp.org/www-community/controls/SecureCookieAttribute\n Cookie security flags - https://www.invicti.com/learn/cookie-security-flags/\n Cookie lack Secure flag - https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag\n\n**Other**:\nTitle: Encrypting the Web\nURL: https://www.eff.org/encrypt-the-web\n\nUpdate (Required advisory information) - added severity, resource: \nhttps://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set\n\nBest regards,",
"id": "GHSA-r3jq-4r5c-j9hp",
"modified": "2025-01-21T18:28:45Z",
"published": "2024-08-27T19:50:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47833"
},
{
"type": "PACKAGE",
"url": "https://github.com/Avaiga/taipy"
},
{
"type": "WEB",
"url": "https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/taipy/PYSEC-2024-168.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Taipy has a Session Cookie without Secure and HTTPOnly flags"
}
CVE-2024-47833 (GCVE-0-2024-47833)
Vulnerability from cvelistv5 – Published: 2024-10-09 18:25 – Updated: 2024-10-09 19:55
VLAI?
Summary
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avaiga:taipy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "taipy",
"vendor": "avaiga",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47833",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:51:41.486824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:55:10.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "taipy",
"vendor": "Avaiga",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1004",
"description": "CWE-1004: Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:25:02.563Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp"
}
],
"source": {
"advisory": "GHSA-r3jq-4r5c-j9hp",
"discovery": "UNKNOWN"
},
"title": "Session Cookie without Secure and HTTPOnly flags in taipy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47833",
"datePublished": "2024-10-09T18:25:02.563Z",
"dateReserved": "2024-10-03T14:06:12.643Z",
"dateUpdated": "2024-10-09T19:55:10.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…