Headline
GHSA-gmj8-84r4-h46j: rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
rdiffweb prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user’s email ID. Version 2.4.7 has a fix for this issue.
High severity GitHub Reviewed Published Sep 23, 2022 • Updated Sep 23, 2022
Package
rdiffweb (pip)
Affected versions
< 2.4.7
Related news
CVE-2022-3274: Mitigate CSRF on user's settings #221 · ikus060/rdiffweb@e974df7
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.