CVE-2020-11729

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful.

Database specific

{
    "unresolved_ranges": [
        {
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                },
                {
                    "last_affected": "10.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        }
    ]
}

References

Affected packages

Git / gitlab.com/davical-project/awl

Affected ranges

Type

GIT

Repo

https://gitlab.com/davical-project/awl

Events

Introduced

Last affected

3efb13de38ea4c1cc298f206199848467af18456

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.60"
        }
    ],
    "cpe": "cpe:2.3:a:davical:andrew\\'s_web_libraries:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

debian/0.*

debian/0.55%git20140913-1

debian/0.55-1

debian/0.56-2

r0.*

r0.54

r0.55

r0.56

r0.57

r0.58

r0.59

r0.60

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11729.json"