7 matches found
EUVD-2020-18847
Malware in sbrugna...
CVE-2020-26251
Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open - every client is allowed. This allows evil.com to run...
CVE-2020-26251
Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open - every client is allowed. This allows evil.com to run...
Cross-site request forgery (CSRF)
Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open - every client is allowed. This allows evil.com to run...
CVE-2020-26251 CORS configuration is possibly vulnerable
Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open - every client is allowed. This allows evil.com to run...
CVE-2020-26251
Open Zaak (versions prior to 1.3.3) had a wide-open CORS policy allowing any client, which could enable cross-origin scripts to access the API. The CVE notes that Open Zaak 1.3.3 disables CORS by default, with opt-in possible via environment variables. The publicly provided documents state that ex...
Open Zaak Access Control Error Vulnerability
Open Zaak is a Python-based data and service layer application from the Open Zaak team. The software enables zaakgericht werken. Open Zaak before version 1.3.3 suffers from an Access Control Error vulnerability that stems from the fact that the cross-domain resource sharing policy is current...