15 matches found
EUVD-2021-28745
Malicious code in bioql PyPI...
CVE-2023-40021
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
Cross-site request forgery (CSRF)
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-40021
CVE-2023-40021 affects Oppia: timing-attack CSRF token validation using string equality in CsrfTokenManager.is_csrf_token_valid allows an attacker to brute-force the token character by character via a lure-and-fraud site, enabling forged actions in a logged-in user’s session. Impact includes profil...
CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
Oppia security vulnerability
Oppia is an online learning tool used to easily create and share interactive activities. A security vulnerability exists in Oppia versions 1.1.0 through 3.3.2, which stems from the use of the string equality operator == when comparing received CSRF tokens to expected tokens, and can be exploited...
PT-2023-27216 · Oppia · Oppia
Name of the Vulnerable Software and Affected Versions: Oppia versions prior to 3.3.2-hotfix-2 Description: Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. B...
CVE-2021-41733
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them...
CVE-2021-41733
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them...
Design/Logic Flaw
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them...
CVE-2021-41733
CVE-2021-41733 is associated with Apache HTTP Server, where Apache 2.4.49 implements a path traversal/file disclosure vulnerability caused by not properly validating URLs before access. The issue allows an attacker to map URLs outside the document root and potentially disclose sensitive files. In...
CVE-2021-41733
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them...
Oppia input validation error vulnerability
Oppia is an online learning tool used to easily create and share interactive activities. A security vulnerability exists in versions prior to Oppia 3.1.4 that stems from the application not validating certain URLs before navigating to them...