Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Wed, 16 Oct 2024 17:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-319, CWE-732 |
| Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'} |


Wed, 09 Oct 2024 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Avaiga, Avaiga taipy |
| CPEs | | cpe:2.3:a:avaiga:taipy:*:*:*:*:*:*:*:* |
| Vendors & Products | | Avaiga, Avaiga taipy |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 09 Oct 2024 18:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Title | | Session Cookie without Secure and HTTPOnly flags in taipy |
| Weaknesses | | CWE-1004, CWE-614 |
| References | | |
| Metrics | | cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-10-09T18:25:02.563Z

Updated: 2024-10-09T19:55:10.993Z

Reserved: 2024-10-03T14:06:12.643Z

Link: CVE-2024-47833

Vulnrichment

Updated: 2024-10-09T19:54:51.487Z

NVD

Status: Analyzed

Published: 2024-10-09T19:15:14.793

Modified: 2024-10-16T16:33:34.493

Link: CVE-2024-47833

Redhat

No data.