GHSA-4j8w-p6hv-3qxc: Cross-Site Request Forgery (CSRF) in automad/automad
automad up to 1.10.9 does not implement anti-CSRF tokens by default, making it vulnerable to Cross-Site Request Forgery (CSRF). An attacker may exploit this vulnerability to force an admin into creating or deleting users. An exploit has been disclosed publicly.
Moderate severity • GitHub Reviewed • Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 29, 2023