GO-2026-4537 Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2

Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2...

DRUPAL-CONTRIB-2018-021

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't provide CSRF protection when processing authenticated traffic using cookie-based authentication. This vulnerability is mitigated by the fact that an...