Lucene search
GoogleOSV:GHSA-P8WW-VV84-C2RMHistoryOct 18, 2018 - 5:41 p.m.
OrientDB-Server vulnerable to Cross-Site Request Forgery
2018-10-1817:41:13
Google
osv.dev
6
0.005 Low
EPSS
Percentile
76.4%
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.orientechnologies:orientdb-studio | eq | 2.1.0 |
Related
cve
cve
CVE-2015-2912
2015-12-31 05:59:08
github
github
OrientDB-Server vulnerable to Cross-Site Request Forgery
2018-10-18 17:41:13
nessus
nessus
OrientDB < 2.0.15 / 2.1.1 XSRF
2015-10-08 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-12-31 05:59:00
cvelist
cvelist
CVE-2015-2912
2015-12-31 02:00:00
nvd
nvd
CVE-2015-2912
2015-12-31 05:59:08
openvas
openvas
cert
cert
OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
2015-09-03 00:00:00