CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Aio-Libs: >> Aiohttp Session Security Vulnerabilities

CVE-2018-1000814

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.

CVSS Score

6.5

EPSS Score

0.002

Published

2018-12-20

Page 1

Vulnerabilities

Vulnerable Software

Aio-Libs: >> Aiohttp Session Security Vulnerabilities

Products

Pricing

Contact Us