PT-2023-27216 · Oppia · Oppia
Name of the Vulnerable Software and Affected Versions: Oppia versions prior to 3.3.2-hotfix-2 Description: Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. B...