CVE-2020-28452
CSRF protection bypass in the akka-http-session library (com.softwaremill.akka-http-session:core) is reported for multiple Scala versions: core_2.12 (before 0.6.1), core_2.11 (all versions), and core_2.13 (before 0.6.1). The root cause is a CSRF check that only ensures the X-XSRF-TOKEN header and...