Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Request Forgery (CSRF)
Vulnerability Description
This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
Softwaremill Akka-http-session 跨站请求伪造漏洞
Vulnerability Description
Softwaremill Softwaremill Akka-http-session是波兰Softwaremill公司的一个用于为单页或移动应用程序提供持续JWT和持续连接支持的代码库。 Softwaremill Akka-http-session core_2.12 from 0 and before 0.6.1 存在跨站请求伪造漏洞,该漏洞源于可以通过伪造一个包含X-XSRF-TOKEN头和XSRF-TOKEN cookie值相同值的请求来绕过CSRF保护,因为只检查这两个值是否相等且非空。
CVSS Information
N/A
Vulnerability Type
N/A