
exploitDog

GHSA-2j58-pwwv-x666

Published: 09 Sep 2021
Source: github
Github: Reviewed
CVSS3: 7.6

Description

Cross-Site Request Forgery in sqlite-web

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.

Packages

Name: sqlite-web (pip)
Affected versions: <= 0.6.5
Fixed version: None

EPSS

Percentile: 35%
0.00141
Low

7.6 High

CVSS3

Weaknesses

CWE-352

Related vulnerabilities

CVSS3: 7.6
nvd
more than 4 years ago

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.
