id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
20444	Cookie-based sessions does not include a remote code execution-warning	Sasha Romijn	nobody	"As cookie-based sessions use pickle, an attacker who is able to generate an arbitrary valid session cookie is able to remotely execute arbitrary code. This means having the secret key of any website that has cookie-based sessions enabled means anyone can execute arbitrary code.

This is not a new fact, but I think it deserves a bold warning with the cookie-based sessions documentation, as it is such a more extreme case than other possible risks of leaking the secret key."	Cleanup/optimization	closed	contrib.sessions	dev	Normal	fixed	dceu13	eromijn@…	Ready for checkin	1	0	0	0	0	0
