Lucene search
Veracode Vulnerability DatabaseVERACODE:22289HistoryJan 14, 2020 - 2:42 a.m.
Server-Side Request Forgery
2020-01-1402:42:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
41.1%
odata-client-core is vulnerable to cross-site request forgery (CSRF). The AsyncRequestWrapperImpl class reads a URL from the Location header and sends a GET/DELETE request to the URL without verifying the authenticity of the request. This allows a remote attacker to trick a user into visiting a malicious site that causes the client browser to make a call to any URL including internal resources which are not directly accessible by the attacker.
| CPE | Name | Operator | Version |
|---|---|---|---|
| odata-client-core | le | 4.7.0 |
Related
symantec
symantec
redhatcve
redhatcve
CVE-2020-1925
2020-01-13 06:09:00
osv
osv
CVE-2020-1925
2020-01-09 19:15:10
Server-Side Request Forgery (SSRF) in Apache Olingo
2020-02-04 22:38:38
prion
prion
Server side request forgery (ssrf)
2020-01-09 19:15:00
github
github
Server-Side Request Forgery (SSRF) in Apache Olingo
2020-02-04 22:38:38
cvelist
cvelist
CVE-2020-1925
2020-01-09 18:41:08
nvd
nvd
CVE-2020-1925
2020-01-09 19:15:10
cve
cve
CVE-2020-1925
2020-01-09 19:15:10
redhat
redhat
(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update
2021-08-11 18:18:10