Lucene search

4 matches found

Snyk
added 2025/08/12 12:13 a.m. · 2 views

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the api/terminal.go file. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into visiting a malicious web page that...

CVSS 8.8 · AI score 7.5 · EPSS 0.00515
Exploits: 0 · References: 2
CVE
added 2024/12/18 8:41 p.m. · 58 views

CVE-2024-56140

CVE-2024-56140 affects the Astro CSRF-protection middleware. A semicolon-delimited parameter after the Content-Type (e.g., application/x-www-form-urlencoded; abc) causes the request to be treated as a simple request, bypassing preflight validation and CSRF checks when security.checkOrigin is true...

CVSS 6.5 · AI score 5.7 · EPSS 0.00209
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2022/10/17 12:0 a.m. · 3 views

PT-2022-26688 · Phoenix · Phoenix

Name of the Vulnerable Software and Affected Versions: Phoenix versions prior to 1.6.14 Description: The issue arises from the mishandling of check origin wildcarding in the socket/transport.ex file. This does not affect LiveView applications by default due to the presence of a LiveView CSRF toke...

CVSS 7.5 · AI score 7.4 · EPSS 0.0052
Exploits: 0 · References: 7
CNNVD
added 2022/10/17 12:0 a.m. · 2 views

Phoenix framework security vulnerability

Phoenix framework is an open-source web development framework written in the functional programming language Elixir. A security vulnerability exists in Phoenix framework versions prior to 1.6.14, which stems from its socket/transport.ex incorrectly handling the checkorigin wildca...

CVSS 7.5 · AI score 7.2 · EPSS 0.0052
Exploits: 0 · References: 2