Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-697v-pxg3-j262: Togglz console missing cross-site request forgery (CSRF) protection

Togglz is an implementation of the Feature Toggles pattern for Java. There is no CSRF protection in the togglz console and could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.

ghsa
#csrf#git#java

Togglz console missing cross-site request forgery (CSRF) protection

Moderate severity GitHub Reviewed Published Jul 15, 2022 • Updated Jul 15, 2022

Related news

CVE-2023-43472: Contrast discovers MLflow framework zero-day that threatens to poison machine language models

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

CVE-2020-28191: CVE-2020-28191 - GitHub Advisory Database

The console in Togglz before 2.9.4 allows CSRF.