Oppia Security Vulnerabilities

cve

CVE-2023-40021

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator (==), which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

CVSS: 5.3

AI Score: 5.3

EPSS: 0.001

2023-08-16 09:15 PM
cve

CVE-2021-41733

Oppia 3.1.4 does not verify that certain URLs are valid before navigating to...

CVSS: 6.1

AI Score: 6.3

EPSS: 0.001

2021-11-08 03:15 PM