Safety vulnerability ID: 61570
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Asyncua 0.9.96 includes a fix for CVE-2023-26150: Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.
https://github.com/FreeOpcUa/opcua-asyncio/issues/1014
Latest version: 1.1.5
Pure Python OPC-UA client and server library
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session. See CVE-2023-26150.
MISC:https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121: https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121
MISC:https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844a: https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844a
MISC:https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513: https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513
MISC:https://github.com/FreeOpcUa/opcua-asyncio/issues/1014: https://github.com/FreeOpcUa/opcua-asyncio/issues/1014
MISC:https://github.com/FreeOpcUa/opcua-asyncio/pull/1015: https://github.com/FreeOpcUa/opcua-asyncio/pull/1015
MISC:https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96: https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96
MISC:https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435: https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application