EPSS Percentile: 80.8%
luigi is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability exists due to the lack of a Cross-Origin Resource Sharing (CORS) policy on the /api/:method endpoints, allowing CSRF attacks.
github.com/adilkhash/luigi/pull/1
github.com/spotify/luigi/commit/06e3d9163c36f347cef09d9442aff55a10660f31