OSV:GHSA-6WQP-7G94-F69J
History: May 21, 2024 - 6:26 p.m.

sensiolabs/connect has a Cross-Site Request Forgery Vulnerability

2024-05-21 18:26:46
Google
osv.dev
sensiolabs/connect
csrf vulnerability
versions prior to 4.2.3
oauth requests
state parameter
application security

AI Score

7.4

Confidence

High

Versions of sensiolabs/connect prior to 4.2.3 are affected by a Cross-Site Request Forgery (CSRF) vulnerability due to the absence of the state parameter in OAuth requests. The lack of proper state parameter handling exposes applications to CSRF attacks during the OAuth authentication flow.
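
The check whose absence the advisory describes, as an added example (not code from sensiolabs/connect or from this advisory): a random `state` is bound to the user's session when the authorization request is built, and the callback is rejected unless it returns the same value. The function names, the array standing in for `$_SESSION`, and the `example` URLs and client id are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; not the sensiolabs/connect API.

/** Build the authorization URL and bind a fresh random state to the session. */
function buildAuthorizationUrl(array &$session, string $authorizeEndpoint, string $clientId, string $redirectUri): string
{
    // 128 bits from the CSPRNG, so another origin cannot predict the value.
    $state = bin2hex(random_bytes(16));
    $session['oauth_state'] = $state;

    return $authorizeEndpoint . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'state'         => $state,
    ]);
}

/** Return true only if the callback carries the state issued to this session. */
function isCallbackStateValid(array &$session, array $query): bool
{
    $expected = $session['oauth_state'] ?? null;
    // Single use: consume the stored value whether or not the check passes.
    unset($session['oauth_state']);

    $received = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($received) || $received === '') {
        return false; // no flow in progress, or state missing from the callback
    }
    return hash_equals($expected, $received); // constant-time comparison
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [];
$url = buildAuthorizationUrl($session, 'https://provider.example/oauth/authorize', 'demo-client', 'https://app.example/callback');
parse_str((string) parse_url($url, PHP_URL_QUERY), $sent);

// Case 1: callback that echoes back the state issued to this session.
$own = $session;
var_dump(isCallbackStateValid($own, ['code' => 'constructed-code', 'state' => $sent['state']]));

// Case 2: callback with no state, as a cross-site forged request would arrive.
$other = $session;
var_dump(isCallbackStateValid($other, ['code' => 'constructed-code']));

// Case 3: the same session again; the stored state was consumed by case 2.
var_dump(isCallbackStateValid($other, ['code' => 'constructed-code', 'state' => $sent['state']]));
```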
