Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-d54j-n3w1-skdp
Vulnerability ID VCID-d54j-n3w1-skdp
Aliases CVE-2023-0055
GHSA-m3g7-wrrq-v5c8
Summary Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-319 Cleartext Transmission of Sensitive Information
CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
System Score Found at
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-0055
cvssv3.1 5.3 https://github.com/pyload/pyload
generic_textual MODERATE https://github.com/pyload/pyload
cvssv3.1 5.3 https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703
generic_textual MODERATE https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703
cvssv3.1 5.3 https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce
generic_textual MODERATE https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-0055
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-0055
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-0055
https://github.com/pyload/pyload
https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703
https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce
https://nvd.nist.gov/vuln/detail/CVE-2023-0055
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/pyload/pyload
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/pyload/pyload/commit/7b53b8d43c2c072b457dcd19c8a09bcfc3721703
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://huntr.dev/bounties/ed88e240-99ff-48a1-bf32-8e1ef5f13cce
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0055
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.34493
EPSS Score 0.00145
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:17:02.235984+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-m3g7-wrrq-v5c8/GHSA-m3g7-wrrq-v5c8.json 38.6.0