Home > Vulnerability Database > CVE-2024-47833

Mend.io Vulnerability Database

CVE-2024-47833

Good to know:

Date: October 9, 2024

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Python

Severity Score

6.5

Related Resources (5)

Url: https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp

Url: https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67

Url: https://github.com/Avaiga/taipy

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47833

Url: https://www.mend.io/vulnerability-database/CVE-2024-47833

Severity Score

6.5

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-614

Sensitive Cookie Without 'HttpOnly' Flag

CWE-1004

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version taipy - 4.0.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47833

Good to know:

Date: October 9, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?