Lucene search

GitHub Advisory DatabaseGHSA-C54W-7J5F-XG98

HistoryApr 26, 2023 - 6:30 p.m.

@builder.io/qwik-city Cross-Site Request Forgery vulnerability

2023-04-2618:30:21

CWE-352

GitHub Advisory Database

github.com

cross-site request forgery

github

builder.io/qwik

software

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

38.1%

JSON

Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.

Affected configurations

Vulners

Node

builder.ioqwik-cityRange<0.104.0

CPENameOperatorVersion
@builder.io/qwik-citylt0.104.0

CPE	Name	Operator	Version
	@builder.io/qwik-city	lt	0.104.0

References

github.com/advisories/GHSA-c54w-7j5f-xg98

github.com/BuilderIO/qwik/commit/f434d335277418f5bd8dd90fae5cb089e1230cb8

github.com/BuilderIO/qwik/pull/3862/commits/09190b70027354baf7ad3d208df9c05a87f75f57

github.com/BuilderIO/qwik/releases/tag/v0.104.0

huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917

nvd.nist.gov/vuln/detail/CVE-2023-2307

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

38.1%

JSON

Related for GHSA-C54W-7J5F-XG98