Lucene search

10 matches found

vulnersOsv
added 2022/02/09 11:6 p.m., 6 views

com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.12 (>=0.3.0 <=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.5.10)

com.softwaremill.akka-http-session:core_2.12 MAVEN version =0.3.0, =1.1.0-master.51.7b7549c_akka25Circe08, =0.3.0, =0.5.10 Source cves: CVE-2020-7780 Source advisory: OSV:GHSA-Q42Q-523G-3FWV...

CVSS 8.8, AI score 7.2, EPSS 0.00645
Exploits 0
CNNVD
added 2021/01/20 12:0 a.m., 3 views

Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability

Softwaremill Softwaremill Akka-http-session is a codebase for providing continuous JWT and continuous connectivity support for single page or mobile applications from Softwaremill, Poland. A cross-site request forgery vulnerability exists in Softwaremill Akka-http-session core_2.12 from 0 and befo...

CVSS 8.8, AI score 7.2, EPSS 0.00524
Exploits 0, References 5
Prion
added 2020/11/27 5:15 p.m., 15 views

Code injection

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection...

CVSS 6.8, AI score 8.7, EPSS 0.00645
Exploits 0, References 6, Affected Software 1
CNNVD
added 2020/11/27 12:0 a.m., 5 views

Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability

Softwaremill Softwaremill Akka-http-session is a codebase for providing continuous JWT and continuous connection support for single page or mobile applications from Softwaremill, Poland. A security vulnerability exists in com.softwaremill.akka-http-session:core_2.13, which stems from the fact that...

CVSS 8.8, AI score 7.2, EPSS 0.00645
Exploits 0, References 5
Snyk
added 2020/11/24 4:51 p.m., 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks...

CVSS 8.8, AI score 6.8, EPSS 0.00524
Exploits 0, References 2
Snyk
added 2020/11/24 4:51 p.m., 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks...

CVSS 8.8, AI score 6.8, EPSS 0.00524
Exploits 0, References 2
vulnersOsv
added 2020/03/10 4:51 p.m., 5 views

com.softwaremill.akka-http-session:jwt_2.13 (=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.13 (=0.5.10)

com.softwaremill.akka-http-session:core_2.13 MAVEN version =0.5.10 is affected by a known vulnerability. The following packages have a transitive dependency on com.softwaremill.akka-http-session:core_2.13 and may be impacted: - com.softwaremill.akka-http-session:jwt_2.13 =0.5.10 Source cves:...

CVSS 8.8, AI score 7.2, EPSS 0.00645
Exploits 0
vulnersOsv
added 2020/03/10 4:51 p.m., 5 views

com.codacy:codacy-seed-client-akka-http_2.11 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.11 (>=0.2.0 <=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.11 (>=0.2.0 <=0.5.10)

com.softwaremill.akka-http-session:core_2.11 MAVEN version =0.2.0, =1.1.0-master.51.7b7549c_akka25Circe08, =0.2.0, =0.5.10 Source cves: CVE-2020-7780 Source advisory: SNYK:JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046655...

CVSS 8.8, AI score 7.2, EPSS 0.00645
Exploits 0
Snyk
added 2020/03/10 4:51 p.m., 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. Remediation: Upgrade...

CVSS 8.8, AI score 6.8, EPSS 0.00645
Exploits 0, References 2
Snyk
added 2020/03/10 4:51 p.m., 0 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. Remediation: Upgrade...

CVSS 8.8, AI score 6.8, EPSS 0.00645
Exploits 0, References 2