Headline
CVE-2020-28191: CVE-2020-28191 - GitHub Advisory Database
The console in Togglz before 2.9.4 allows CSRF.
Togglz console missing cross-site request forgery (CSRF) protection
Moderate severity GitHub Reviewed Published Jul 15, 2022 • Updated Jul 15, 2022
Related news
CVE-2023-43472: Contrast discovers MLflow framework zero-day that threatens to poison machine language models
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
GHSA-697v-pxg3-j262: Togglz console missing cross-site request forgery (CSRF) protection
Togglz is an implementation of the Feature Toggles pattern for Java. There is no CSRF protection in the togglz console and could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.