exploitDog

GHSA-895f-2fwm-hcv8

Опубликовано: 13 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).

The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).

Ссылки

EPSS

Процентиль: 8%

0.00028

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-269

CWE-352

Связанные уязвимости

CVE-2023-52431

CVSS3: 8.8

nvd

почти 2 года назад

The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).

EPSS

Процентиль: 8%

0.00028

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-269

CWE-352