Lucene search

GoogleOSV:GHSA-C54W-7J5F-XG98

HistoryApr 26, 2023 - 6:30 p.m.

@builder.io/qwik-city Cross-Site Request Forgery vulnerability

2023-04-2618:30:21

Google

osv.dev

cross-site request forgery

github

qwik

software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.

CPENameOperatorVersion
@builder.io/qwik-citylt0.104.0

CPE	Name	Operator	Version
	@builder.io/qwik-city	lt	0.104.0

References

github.com/builderio/qwik

github.com/BuilderIO/qwik/commit/f434d335277418f5bd8dd90fae5cb089e1230cb8

github.com/BuilderIO/qwik/pull/3862/commits/09190b70027354baf7ad3d208df9c05a87f75f57

github.com/BuilderIO/qwik/releases/tag/v0.104.0

huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917

nvd.nist.gov/vuln/detail/CVE-2023-2307

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

Related for OSV:GHSA-C54W-7J5F-XG98