VulnerableCode Package Details - pkg:pypi/aiohttp-session@0.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-4aw6-4j9f-w7ar Aliases: CVE-2018-1000814 GHSA-mr4x-c4v9-x729 PYSEC-2018-35	aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.	2.7.0 Affected by 0 other vulnerabilities.
VCID-wrsz-1761-ybeq Aliases: CVE-2018-1000519 GHSA-fpwp-69xv-c67f PYSEC-2018-80	aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).	2.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-4aw6-4j9f-w7ar
Aliases:
CVE-2018-1000814
GHSA-mr4x-c4v9-x729
PYSEC-2018-35

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.

2.7.0
Affected by 0 other vulnerabilities.

VCID-wrsz-1761-ybeq
Aliases:
CVE-2018-1000519
GHSA-fpwp-69xv-c67f
PYSEC-2018-80

aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).

2.4.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:50:45.776650+00:00	GitLab Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000814.yml	38.4.0
2026-04-16T20:47:32.996600+00:00	GitLab Importer	Affected by	VCID-wrsz-1761-ybeq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000519.yml	38.4.0
2026-04-16T01:26:15.060670+00:00	GHSA Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://github.com/advisories/GHSA-mr4x-c4v9-x729	38.4.0
2026-04-16T01:22:43.834500+00:00	GHSA Importer	Affected by	VCID-wrsz-1761-ybeq	https://github.com/advisories/GHSA-fpwp-69xv-c67f	38.4.0
2026-04-11T22:01:25.819166+00:00	GitLab Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000814.yml	38.3.0
2026-04-11T21:58:25.499454+00:00	GitLab Importer	Affected by	VCID-wrsz-1761-ybeq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000519.yml	38.3.0
2026-04-11T12:55:33.371938+00:00	GHSA Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://github.com/advisories/GHSA-mr4x-c4v9-x729	38.3.0
2026-04-11T12:52:03.156952+00:00	GHSA Importer	Affected by	VCID-wrsz-1761-ybeq	https://github.com/advisories/GHSA-fpwp-69xv-c67f	38.3.0
2026-04-02T22:14:28.514195+00:00	GitLab Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000814.yml	38.1.0
2026-04-02T22:11:44.826049+00:00	GitLab Importer	Affected by	VCID-wrsz-1761-ybeq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000519.yml	38.1.0
2026-04-02T13:48:04.131455+00:00	GHSA Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://github.com/advisories/GHSA-mr4x-c4v9-x729	38.1.0
2026-04-02T13:45:03.431780+00:00	GHSA Importer	Affected by	VCID-wrsz-1761-ybeq	https://github.com/advisories/GHSA-fpwp-69xv-c67f	38.1.0
2026-04-01T16:31:58.063547+00:00	GitLab Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000814.yml	38.0.0
2026-04-01T16:29:06.838666+00:00	GitLab Importer	Affected by	VCID-wrsz-1761-ybeq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000519.yml	38.0.0
2026-04-01T15:00:35.058723+00:00	PyPI Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T15:00:18.521333+00:00	PyPI Importer	Affected by	VCID-wrsz-1761-ybeq	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T12:41:54.484425+00:00	Pypa Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://github.com/pypa/advisory-database/blob/main/vulns/aiohttp-session/PYSEC-2018-35.yaml	38.0.0
2026-04-01T12:41:45.149926+00:00	Pypa Importer	Affected by	VCID-wrsz-1761-ybeq	https://github.com/pypa/advisory-database/blob/main/vulns/aiohttp-session/PYSEC-2018-80.yaml	38.0.0