Vulnerability Details CVE-2019-25091
A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.6%
CVSS Severity
CVSS v3 Score 3.7
References
- https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a
- https://github.com/nsupdate-info/nsupdate.info/pull/410
- https://vuldb.com/?ctiid.216909
- https://vuldb.com/?id.216909
- https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a
- https://github.com/nsupdate-info/nsupdate.info/pull/410
- https://vuldb.com/?ctiid.216909
- https://vuldb.com/?id.216909
Products affected by CVE-2019-25091
-
cpe:2.3:a:nsupdate:nsupdate.info:-
-
cpe:2.3:a:nsupdate:nsupdate.info:0.10.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.11.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.12.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.2.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.3.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.4.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.5.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.6.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.7.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.8.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.9.0
-
cpe:2.3:a:nsupdate:nsupdate.info:0.9.1