Описание
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| web2py | removed | package | ||
| web2py | ignored | jessie | package | |
| web2py | no-dsa | wheezy | package |
Примечания
https://github.com/web2py/web2py/issues/1585
https://github.com/web2py/web2py/commit/4bd002aee978813bc664cf186ef38ff4e8bbe1cd
Связанные уязвимости
CVSS3: 8.8
nvd
около 9 лет назад
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
CVSS3: 4.5
github
больше 3 лет назад
Web2py Cross-Site Request Forgery vulnerability