9 matches found
EUVD-2022-6486
Malicious code in bioql PyPI...
BIT-CODEIGNITER-2022-35943
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a...
GHSA-5HM8-VH6R-2CJQ CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Impact: This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., https://a.example.com/) of the target site (e.g.,...
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Impact: This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., https://a.example.com/) of the target site (e.g.,...
CVE-2022-35943
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a...
Authentication flaw
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a...
CVE-2022-35943
Summary: CVE-2022-35943 affects CodeIgniter Shield (CodeIgniter 4) and may allow SameSite attackers to bypass CSRF protection when they control a subdomain. The issue exists regardless of whether CSRF protection is cookie-based or session-based, and regardless of the regenerate setting. Affected software/c...
CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a...
CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a...