[MAVEN:GHSA-697V-PXG3-J262] Togglz console missing cross-site request forgery (CSRF) protection

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

Togglz is an implementation of the Feature Toggles pattern for Java. There is no CSRF protection in the togglz console and could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.

Package	Affected Version
pkg:maven/org.togglz/togglz-console	< 2.9.4

Package	Fixed Version
pkg:maven/org.togglz/togglz-console	= 2.9.4

ID: MAVEN:GHSA-697V-PXG3-J262
Severity: high
URL: https://github.com/advisories/GHSA-697v-pxg3-j262
Published: 2022-07-15T20:55:21
(2 years ago)
Modified: 2023-02-03T05:01:27
(19 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2020-28191
			https://github.com/togglz/togglz/pull/495
			https://github.com/togglz/togglz/commit/ed66e3f584de954297ebaf98ea4a235286784707
			https://www.mend.io/vulnerability-database/CVE-2020-28191
			https://github.com/advisories/GHSA-697v-pxg3-j262

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.togglz/togglz-console	org.togglz	togglz-console	< 2.9.4
Fixed	pkg:maven/org.togglz/togglz-console	org.togglz	togglz-console	= 2.9.4

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date