Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-28191: CVE-2020-28191 - GitHub Advisory Database

The console in Togglz before 2.9.4 allows CSRF.

CVE
#csrf#git

Togglz console missing cross-site request forgery (CSRF) protection

Moderate severity GitHub Reviewed Published Jul 15, 2022 • Updated Jul 15, 2022

Related news

CVE-2023-43472: Contrast discovers MLflow framework zero-day that threatens to poison machine language models

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

GHSA-697v-pxg3-j262: Togglz console missing cross-site request forgery (CSRF) protection

Togglz is an implementation of the Feature Toggles pattern for Java. There is no CSRF protection in the togglz console and could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907