Описание
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| icinga-php-library | fixed | 0.14.1-1 | package | |
| icinga-php-library | no-dsa | bookworm | package |
Примечания
https://github.com/Icinga/ipl-web/security/advisories/GHSA-w9pg-7c3h-fc8j
https://github.com/Icinga/ipl-web/commit/492336fdb57a5bb0881ed642ab36f5841337571e (v0.10.1)
Fix integrated into icinga-php-library/0.14.1 release:
https://github.com/Icinga/icinga-php-library/commit/20c73075a9e9824d089bbd2e433bb2f613fd5801
EPSS
Связанные уязвимости
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
EPSS