GHSA-4j8w-p6hv-3qxc: Cross-Site Request Forgery (CSRF) in automad/automad

automad up to 1.10.9 does not implement anti-CSRF tokens by default, making it vulnerable to Cross-Site Request Forgery (CSRF). An attacker may exploit this vulnerability to force an admin into creating or deleting users. An exploit has been disclosed publicly.


Moderate severity • GitHub Reviewed • Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 29, 2023
