wathne / dat250-2024-assignment


Cookie without SameSite Attribute #6

Open LisaCabot opened 1 week ago

LisaCabot commented 1 week ago

Description: Allows other websites to add cookies to our page.

Potential Impact: This can be used to launch a Cross-Site Request Forgery. The Impact would depend on what the CSRF is designed to do.

Affected part of the application: Backend

Type of vulnerability: Sensitive Cookie with Improper SameSite Attribute (https://cwe.mitre.org/data/definitions/1275.html)

wathne commented 1 week ago

https://flask.palletsprojects.com/en/3.0.x/web-security/#set-cookie-options