Lucene search

K

Veracode Vulnerability DatabaseVERACODE:4925

HistoryAug 21, 2017 - 9:56 a.m.

Cross-site Request Forgery (CSRF)

2017-08-2109:56:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

EPSS

0.001

Percentile

42.2%

spring-batch-admin is vulnerable to cross-site request forgery (CSRF) attacks. The library does not use CSRF tokens, allowing a malicious user to hijack the authentication of other users and submit arbitrary requests through the file upload page.

References

www.openwall.com/lists/oss-security/2017/08/16/5

github.com/spring-projects/spring-batch-admin/blob/1.3.1.RELEASE/spring-batch-admin-manager/src/main/resources/org/springframework/batch/admin/web/manager/files/html/files.ftl#L23

EPSS

0.001

Percentile

42.2%

Related for VERACODE:4925

prion1 cve1 cvelist1 nvd1 osv1