GHSA-2FQR-MR3J-6WP8
Vulnerability from github – Published: 2026-06-15 20:08 – Updated: 2026-06-15 20:08
Summary
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
Details
Summary
Host-only cookies that are saved with CookieJar.save() and then restored later with CookieJar.load() lose their host-only status.
Impact
Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed.
Patch: https://github.com/aio-libs/aiohttp/commit/a329a7aacad5284f087af36103aff778746da0f2
Severity
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.14.0"
},
"package": {
"ecosystem": "PyPI",
"name": "aiohttp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54279"
],
"database_specific": {
"cwe_ids": [
"CWE-665"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T20:08:51Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Summary\n\nHost-only cookies that are saved with ``CookieJar.save()`` and then restored later with ``CookieJar.load()`` lose their host-only status.\n\n### Impact\n\nHost-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed.\n\n-----\n\nPatch: https://github.com/aio-libs/aiohttp/commit/a329a7aacad5284f087af36103aff778746da0f2",
"id": "GHSA-2fqr-mr3j-6wp8",
"modified": "2026-06-15T20:08:51Z",
"published": "2026-06-15T20:08:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2fqr-mr3j-6wp8"
},
{
"type": "PACKAGE",
"url": "https://github.com/aio-libs/aiohttp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence"
}