CVE-2020-7780

🗓️ 27 Nov 2020 16:40:10Reported by snykType

CVE-2020-7780 affects com.softwaremill.akka-http-session:core_2.13, 2.12, 2.11 before 0.5.11, allowing bypass of randomTokenCsrfProtection

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2020-7780	27 Nov 202020:50	–	circl
CNNVD	Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability	27 Nov 202000:00	–	cnnvd
Cvelist	CVE-2020-7780 Cross-site Request Forgery (CSRF)	27 Nov 202016:40	–	cvelist
EUVD	EUVD-2022-1143	3 Oct 202520:07	–	euvd
Github Security Blog	Cross-Site Request Forgery	9 Feb 202223:06	–	github
NVD	CVE-2020-7780	27 Nov 202017:15	–	nvd
OSV	GHSA-Q42Q-523G-3FWV Cross-Site Request Forgery	9 Feb 202223:06	–	osv
Prion	Code injection	27 Nov 202017:15	–	prion
Snyk	Cross-site Request Forgery (CSRF)	10 Mar 202016:51	–	snyk
Snyk	Cross-site Request Forgery (CSRF)	10 Mar 202016:51	–	snyk

NVD

Node

softwaremill akka-http-sessionRange≤0.5.11

[
  {
    "product": "com.softwaremill.akka-http-session:core_2.13",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "0.5.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "com.softwaremill.akka-http-session:core_2.12",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "0.5.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "com.softwaremill.akka-http-session:core_2.11",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "0.5.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/softwaremill/akka-http-session/commit/57f11663eecb84be03383d164f655b9c5f953b41
snyk	www.snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046655
github	www.github.com/softwaremill/akka-http-session/issues/77
snyk	www.snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1045352
github	www.github.com/softwaremill/akka-http-session/issues/74
snyk	www.snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046654

21 Nov 2024 05:37Current

7.3High risk

Vulners AI Score7.3

CVSS 26.8

CVSS 3.16.3 - 8.8

EPSS0.00365

CWE-352