Security Advisory

CVE-2018-1000814

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-12-20 15:00:00
Last updated 2024-09-17 01:01:46
Assigner mitre
State PUBLISHED

Description

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.