Summaryinfo

A vulnerability classified as problematic was found in nsupdate.info. This vulnerability affects unknown code of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie httponly flag. This vulnerability was named CVE-2019-25091. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability classified as problematic has been found in nsupdate.info (version unknown). This affects an unknown function of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY with an unknown input leads to a cookie httponly flag vulnerability. CWE is classifying the issue as CWE-1004. The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag. This is going to have an impact on confidentiality.

The weakness was shared 12/27/2022 as 410. The advisory is shared at github.com. This vulnerability is uniquely identified as CVE-2019-25091. Technical details are known, but no exploit is available.

Applying the patch 60a3fe559c453bc36b0ec3e5dd39c1303640a59a is able to eliminate this problem. The bugfix is ready for download at github.com.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• nsupdate.info

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion