Описание
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Versions of sensiolabs/connect prior to 4.2.3 are affected by a Cross-Site Request Forgery (CSRF) vulnerability due to the absence of the state parameter in OAuth requests. The lack of proper state parameter handling exposes applications to CSRF attacks during the OAuth authentication flow.
Пакеты
Наименование
sensiolabs/connect
composer
Затронутые версииВерсия исправления
< 4.2.3
4.2.3
6.1 Medium
CVSS3
Дефекты
CWE-352
6.1 Medium
CVSS3
Дефекты
CWE-352