Lucene search
Redhat.comRH:CVE-2020-35217HistoryFeb 04, 2021 - 4:22 p.m.
CVE-2020-35217
2021-02-0416:22:33
redhat.com
access.redhat.com
8
0.001 Low
EPSS
Percentile
29.8%
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
Related
osv
osv
Cross-Site Request Forgery in Vert.x-Web framework
2021-04-22 16:16:18
CVE-2020-35217
2021-01-20 13:15:12
veracode
veracode
Cross-Site Request Forgery (CSRF)
2021-01-21 08:51:25
prion
prion
Cross site request forgery (csrf)
2021-01-20 13:15:00
cve
cve
CVE-2020-35217
2021-01-20 13:15:00
github
github
Cross-Site Request Forgery in Vert.x-Web framework
2021-04-22 16:16:18
cvelist
cvelist
CVE-2020-35217
2021-01-20 12:28:44