Headline

GHSA-697v-pxg3-j262: Togglz console missing cross-site request forgery (CSRF) protection

Togglz is an implementation of the Feature Toggles pattern for Java. There is no CSRF protection in the togglz console and could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.

2 years ago

ghsa

Open in Source

#csrf #git #java

Togglz console missing cross-site request forgery (CSRF) protection

Moderate severity GitHub Reviewed Published Jul 15, 2022 • Updated Jul 15, 2022

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

10 months ago

CVE

Open in Source

#xss #csrf #vulnerability #web #mac #amazon #js #git #java #kubernetes #rce #pdf #aws #zero_day

CVE-2020-28191: CVE-2020-28191 - GitHub Advisory Database

The console in Togglz before 2.9.4 allows CSRF.

1 year ago

CVE

Open in Source

#csrf #git

ghsa: Latest News

GHSA-w7qr-q9fh-fj35: Dozzle uses unsafe hash for passwords

19 hours ago

ghsa

GHSA-mq92-jr35-ffpc: open-webui allows enumeration of file names and traversal of directories by observing the error messages

19 hours ago

ghsa

GHSA-xcvc-5hgv-phqg: open-webui Insecure Direct Object Reference (IDOR) vulnerability

19 hours ago

ghsa

GHSA-54f4-v6v9-9q82: open-webui allows writing and deleting arbitrary files

19 hours ago

ghsa

GHSA-7qmx-3fpx-r45m: Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations

22 hours ago

ghsa

Headline

GHSA-697v-pxg3-j262: Togglz console missing cross-site request forgery (CSRF) protection

Related news

ghsa: Latest News