Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:aiohttp-session_project:aiohttp-session:0.0.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-1000814 |
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value. Published: December 20, 2018; 10:29:00 AM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |