Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges

Low
Michael-Herzog published GHSA-2w95-84hm-cw86 Nov 23, 2020

Package

No package listed

Affected versions

< 4.1.0

Patched versions

4.1.0

Description

Impact

State-changing endpoints are not protected against CSRF attacks.

Patches

This vulnerability is closed in version 4.1.0.

Severity

Low

CVE ID

CVE-2020-27997

Weaknesses

No CWEs

Credits