3 matches found
com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone2 <=4.0.0-milestone4)
io.vertx:vertx-web MAVEN version =4.0.0-milestone2, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone4 and more Source...
CVE-2020-35217
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...
CVE-2020-35217
CVE-2020-35217 affects Vert.x-Web framework version 4.0 milestone 1–4. The vulnerability arises from CSRF verification that compares the CSRF token in the cookie against a token stored in the session instead of comparing the token in the request with the cookie. As a result, cookies are automatic...