Lucene search
GoogleOSV:GHSA-2J58-PWWV-X666HistorySep 09, 2021 - 5:10 p.m.
Cross-Site Request Forgery in sqlite-web
2021-09-0917:10:35
Google
osv.dev
9
0.001 Low
EPSS
Percentile
46.8%
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sqlite-web | eq | 0.3.3 | |
| sqlite-web | eq | 0.3.0 | |
| sqlite-web | eq | 0.1.3 | |
| sqlite-web | eq | 0.1.6 | |
| sqlite-web | eq | 0.1.1 | |
| sqlite-web | eq | 0.1.5 | |
| sqlite-web | eq | 0.3.6 | |
| sqlite-web | eq | 0.2.2 | |
| sqlite-web | eq | 0.3.1 | |
| sqlite-web | eq | 0.1.8 |
Related
sqlite
sqlite
SQLite report about CVE-2021-23404
2021-01-01 00:00:00
osv
osv
PYSEC-2021-332
2021-09-08 11:15:00
prion
prion
Cross site request forgery (csrf)
2021-09-08 11:15:00
cvelist
cvelist
CVE-2021-23404 Cross-site Request Forgery (CSRF)
2021-09-08 00:00:00
cve
cve
CVE-2021-23404
2021-09-08 11:15:07
veracode
veracode
Cross-Site Request Forgery (CSRF)
2021-09-09 01:04:15
nvd
nvd
CVE-2021-23404
2021-09-08 11:15:07
github
github
Cross-Site Request Forgery in sqlite-web
2021-09-09 17:10:35