CVE-2024-47833

MEDIUM

Taipy <4.0.0 - Info Disclosure

Title source: llm

Description

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References (1)

[Exploit, Third Party Advisory] https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp

Scores

CVSS v3 6.5

EPSS 0.0008

EPSS Percentile 24.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-319 CWE-614 CWE-732 CWE-1004

Status published

Products (2)

avaiga/taipy < 4.0.0

pypi/taipy 0 - 4.0.0PyPI

Published Oct 09, 2024

Tracked Since Feb 18, 2026