akka-http-session is vulnerable to cross-site request forgery (CSRF). The CSRF protection can be bypassed using an empty X-XSRF-TOKEN header and an XSRF-TOKEN cookie with an empty value.
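The following added example is a simplified Python model of a double-submit token check, not akka-http-session's own code. It assumes the comparison is a plain equality test between the X-XSRF-TOKEN header and the XSRF-TOKEN cookie, which reproduces the empty-value behaviour described above, and shows a hardened check beside it; the function names, `MIN_TOKEN_LEN` and the sample requests are constructed for illustration.

```python
import hmac
import secrets

MIN_TOKEN_LEN = 16  # assumed minimum length; align with your token generator


def naive_check(header_token, cookie_token):
    """Equality-only comparison: two empty strings are 'equal' and pass."""
    return header_token is not None and header_token == cookie_token


def hardened_check(header_token, cookie_token):
    """Reject missing, empty, blank or short tokens before comparing."""
    for tok in (header_token, cookie_token):
        if not isinstance(tok, str) or len(tok.strip()) < MIN_TOKEN_LEN:
            return False
    # Constant-time comparison of the two submitted values.
    return hmac.compare_digest(header_token.encode(), cookie_token.encode())


def new_token():
    """Server-side token generation (43 URL-safe characters)."""
    return secrets.token_urlsafe(32)


def evaluate(cases):
    """Return (name, naive_result, hardened_result) for each request."""
    return [(n, naive_check(h, c), hardened_check(h, c)) for n, h, c in cases]


# Constructed sample requests: (description, header value, cookie value)
_issued = new_token()
SAMPLE_REQUESTS = [
    ("matching issued token", _issued, _issued),
    ("empty header and empty cookie", "", ""),
    ("header missing", None, _issued),
    ("header does not match cookie", new_token(), _issued),
]

if __name__ == "__main__":
    for name, naive, hardened in evaluate(SAMPLE_REQUESTS):
        print(f"{name:32} naive={naive!s:5} hardened={hardened}")
```

A regression test for a fixed version should include the empty/empty request and assert that it is rejected.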
| CPE | Name | Operator | Version |
|---|---|---|---|
| | akka-http-session | le | 0.1.4-2.0-M1 |
| | core | le | 0.5.10 |
| | core | le | 0.5.10 |
| | core | le | 0.5.10 |