Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-2894-qcqf-g23g: asyncua Improper Authentication vulnerability

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.

Note:

This issue is a result of missing checks for services that require an active session.

ghsa
Open in Source
#vulnerability#git#auth

asyncua Improper Authentication vulnerability

Moderate severity GitHub Reviewed Published Oct 3, 2023 to the GitHub Advisory Database • Updated Oct 4, 2023

Related news

CVE-2023-26150: check if session is active · FreeOpcUa/opcua-asyncio@b4106df

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters
ghsa