Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-08-07T10:00:00
Updated: 2024-08-06T10:57:17.792Z
Reserved: 2014-05-23T00:00:00
Link: CVE-2014-3852
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-08-07T11:13:35.780
Modified: 2024-11-21T02:08:59.403
Link: CVE-2014-3852
Redhat
No data.