Headline
CVE-2022-3250
Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6.
Related news
GHSA-m748-hjqg-rpp8: rdiffweb has insecure HTTP cookies
In rdiffweb prior to version 2.4.6, the `cookie` session_id does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue.