VulnerableCode Package Details - pkg:pypi/aiohttp-session@2.4.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-4aw6-4j9f-w7ar Aliases: CVE-2018-1000814 GHSA-mr4x-c4v9-x729 PYSEC-2018-35	aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.	2.7.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4aw6-4j9f-w7ar
Aliases:
CVE-2018-1000814
GHSA-mr4x-c4v9-x729
PYSEC-2018-35

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value.

2.7.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-wrsz-1761-ybeq	aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).	CVE-2018-1000519 GHSA-fpwp-69xv-c67f PYSEC-2018-80

Vulnerability

Summary

Aliases

VCID-wrsz-1761-ybeq

aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).

CVE-2018-1000519
GHSA-fpwp-69xv-c67f
PYSEC-2018-80

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:50:45.827018+00:00	GitLab Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000814.yml	38.4.0
2026-04-16T20:47:33.052430+00:00	GitLab Importer	Fixing	VCID-wrsz-1761-ybeq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000519.yml	38.4.0
2026-04-16T01:26:15.129412+00:00	GHSA Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://github.com/advisories/GHSA-mr4x-c4v9-x729	38.4.0
2026-04-16T01:22:43.896521+00:00	GHSA Importer	Fixing	VCID-wrsz-1761-ybeq	https://github.com/advisories/GHSA-fpwp-69xv-c67f	38.4.0
2026-04-11T22:01:25.876441+00:00	GitLab Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000814.yml	38.3.0
2026-04-11T21:58:25.558556+00:00	GitLab Importer	Fixing	VCID-wrsz-1761-ybeq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000519.yml	38.3.0
2026-04-11T12:55:33.435598+00:00	GHSA Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://github.com/advisories/GHSA-mr4x-c4v9-x729	38.3.0
2026-04-11T12:52:03.221747+00:00	GHSA Importer	Fixing	VCID-wrsz-1761-ybeq	https://github.com/advisories/GHSA-fpwp-69xv-c67f	38.3.0
2026-04-02T22:14:28.567451+00:00	GitLab Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000814.yml	38.1.0
2026-04-02T22:11:44.878208+00:00	GitLab Importer	Fixing	VCID-wrsz-1761-ybeq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000519.yml	38.1.0
2026-04-02T13:48:04.180997+00:00	GHSA Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://github.com/advisories/GHSA-mr4x-c4v9-x729	38.1.0
2026-04-02T13:45:03.452451+00:00	GHSA Importer	Fixing	VCID-wrsz-1761-ybeq	https://github.com/advisories/GHSA-fpwp-69xv-c67f	38.1.0
2026-04-01T16:31:58.115696+00:00	GitLab Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000814.yml	38.0.0
2026-04-01T15:56:38.931544+00:00	GHSA Importer	Fixing	VCID-wrsz-1761-ybeq	https://github.com/advisories/GHSA-fpwp-69xv-c67f	38.0.0
2026-04-01T15:00:35.117789+00:00	PyPI Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T15:00:18.575254+00:00	PyPI Importer	Fixing	VCID-wrsz-1761-ybeq	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T13:03:42.929182+00:00	GithubOSV Importer	Fixing	VCID-wrsz-1761-ybeq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-fpwp-69xv-c67f/GHSA-fpwp-69xv-c67f.json	38.0.0
2026-04-01T12:47:57.682607+00:00	GitLab Importer	Fixing	VCID-wrsz-1761-ybeq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp-session/CVE-2018-1000519.yml	38.0.0
2026-04-01T12:41:54.513389+00:00	Pypa Importer	Affected by	VCID-4aw6-4j9f-w7ar	https://github.com/pypa/advisory-database/blob/main/vulns/aiohttp-session/PYSEC-2018-35.yaml	38.0.0
2026-04-01T12:41:45.180197+00:00	Pypa Importer	Fixing	VCID-wrsz-1761-ybeq	https://github.com/pypa/advisory-database/blob/main/vulns/aiohttp-session/PYSEC-2018-80.yaml	38.0.0