Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator (==), which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
5.3CVSS
5.3AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS