rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue.
{ "nvd_published_at": "2022-09-13T10:15:00Z", "cwe_ids": [ "CWE-311", "CWE-614" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-09-15T03:22:39Z" }