CVE-2020-7780
CVE-2020-7780 affects the akka-http-session core artifacts: core_2.13, core_2.12, and core_2.11 up to version 0.5.11. The underlying issue is a CSRF protection bypass where endpoints protected by randomTokenCsrfProtection can be reached with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN co...
CVE-2020-28452
A CSRF protection bypass in the akka-http-session library (com.softwaremill.akka-http-session:core) is reported for multiple Scala versions: core_2.12 (before 0.6.1), core_2.11 (all versions), and core_2.13 (before 0.6.1). The root cause is a CSRF check that only ensures the X-XSRF-TOKEN header and...