HIGH 7.0 PyPI

rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed

GHSA-gmj8-84r4-h46j · CVE-2022-3274 · PYSEC-2022-289

Published · Modified

Description

rdiffweb prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user's email ID. Version 2.4.7 has a fix for this issue.
