[MAVEN:GHSA-697V-PXG3-J262] Togglz console missing cross-site request forgery (CSRF) protection
Severity
High
Affected Packages
1
Fixed Packages
1
CVEs
1
Togglz is an implementation of the Feature Toggles pattern for Java. There is no CSRF protection in the togglz console and could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.
Package | Affected Version |
---|---|
pkg:maven/org.togglz/togglz-console | < 2.9.4 |
Package | Fixed Version |
---|---|
pkg:maven/org.togglz/togglz-console | = 2.9.4 |
- ID
- MAVEN:GHSA-697V-PXG3-J262
- Severity
- high
- URL
- https://github.com/advisories/GHSA-697v-pxg3-j262
- Published
-
2022-07-15T20:55:21
(2 years ago) - Modified
-
2023-02-03T05:01:27
(19 months ago) - Rights
- Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.togglz/togglz-console | org.togglz | togglz-console | < 2.9.4 | |||
Fixed | pkg:maven/org.togglz/togglz-console | org.togglz | togglz-console | = 2.9.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |