What is CVE-2024-47833?

CVE-2024-47833 is a vulnerability in Avaiga Taipy, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. Published 2024-10-09.

Is CVE-2024-47833 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Avaiga Taipy

CVE-2024-47833

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been…

EPSS: 0.001 (24.6th percentile) — read the EPSS interpretation.

Affected products

Avaiga Taipy — versions < 4.0.0

Weakness classification (CWE)

CWE-614 — Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-1004 — Sensitive Cookie Without 'HttpOnly' Flag

Public proof-of-concept exploits

mbiesiad/security-hall-of-fame-mb

References

https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2024-47833?: CVE-2024-47833 is a vulnerability in Avaiga Taipy, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. Published 2024-10-09.
Is CVE-2024-47833 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.