Количество 2
Количество 2
CVE-2020-28452
This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty.
GHSA-4jf5-jggp-g56j
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-28452 This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty. | CVSS3: 6.3 | 0% Низкий | около 5 лет назад |
| GHSA-4jf5-jggp-g56j Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12 | CVSS3: 8.8 | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу