Description
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).
References
- Third Party Advisory
- Release Notes
- Third Party Advisory
- Release Notes
Vulnerable configurations
Configuration 1: versions before 0.0.19 (exclusive)
cpe:2.3:a:plack\:\:middleware\:\:xsrfblock_project:plack\:\:middleware\:\:xsrfblock:*:*:*:*:*:perl:*:*
EPSS: 0.00028 (percentile: 8%, Low)
CVSS3: 8.8 High
Weaknesses
CWE-352
CWE-269
Related vulnerabilities
CVSS3: 8.8
github
almost 2 years ago
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).