Python http.cookies Vulnerability in BaseCookie.js_output Method Allows HTML Injection

Vulnerability

A vulnerability exists in the Python http.cookies module, specifically in the BaseCookie.js_output method. This method generates a JavaScript snippet for embedding cookie values but only partially escapes characters for JavaScript string contexts. It fails to neutralize HTML-sensitive sequences, such as '</script>', which can lead to HTML injection. The issue arises because the method's output can be parsed as HTML, potentially allowing for the injection of malicious scripts. To address this, the vulnerability has been mitigated by base64-encoding the cookie values before embedding them in the JavaScript output, ensuring that any HTML-sensitive characters are properly handled.

Impact

Exploitation of this vulnerability could lead to HTML injection, allowing an attacker to inject malicious scripts that could be executed in the context of the user's browser.

Reproduction

The vulnerability can be reproduced by creating a SimpleCookie object and setting a cookie value that includes a script tag. When the js_output method is called, the output embeds the script tag unescaped: because the snippet is emitted as HTML, the browser's HTML parser treats the tag as markup rather than as part of the JavaScript string, so it can be executed as JavaScript.

Remediation

Users should ensure that they are using a version of Python where this vulnerability has been addressed. The mitigation involves base64-encoding cookie values before embedding them in JavaScript using the js_output method.

Added: Apr 22, 2026, 8:20 PM
Updated: Apr 22, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          1.7
  exploitability  7.7
  remediation     0.0
  relevance       6.5
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Identifier: CVE-2026-6019
Source: Volerion, https://volerion.com/vulnerabilities/CVE-2026-6019 (published 2026-04-22)