Home > Vulnerability Database > CVE-2019-25091

Mend.io Vulnerability Database

CVE-2019-25091

Good to know:

Date: December 27, 2022

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.

Language: Python

Severity Score

3.7

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-25091

Url: https://github.com/nsupdate-info/nsupdate.info/commit/60a3fe559c453bc36b0ec3e5dd39c1303640a59a

Url: https://github.com/nsupdate-info/nsupdate.info

Url: https://github.com/nsupdate-info/nsupdate.info/pull/410

Url: https://vuldb.com/?ctiid.216909

Url: https://vuldb.com/?id.216909

Url: https://www.mend.io/vulnerability-database/CVE-2019-25091

Severity Score

3.7

Weakness Type (CWE)

Sensitive Cookie Without 'HttpOnly' Flag

CWE-1004

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2019-25091

Good to know:

Date: December 27, 2022

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?