CVE-2024-47833

MEDIUM

Taipy < 4.0.0 - Cleartext Transmission of Sensitive Information via Session Cookies

Title source: llm

Description

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_confirm

https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp

Scores

CVSS v3 6.5

EPSS 0.0025

EPSS Percentile 15.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-319 CWE-614 CWE-732 CWE-1004

Status published

Products (2)

avaiga/taipy < 4.0.0

pypi/taipy 0 - 4.0.0PyPI

Published Oct 09, 2024

Tracked Since Feb 18, 2026