Homepage
About Snyk

esphome@2024.3.0b3 vulnerabilities

Make creating custom firmwares for ESP32/ESP8266 super easy.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the esphome package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Cross-Site Request Forgery (CSRF)

esphome is a Make creating custom firmwares for ESP32/ESP8266 super easy.

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to insufficient protection for API endpoints in the dashboard component. An attacker can perform operations on configuration files (create, edit, delete) on behalf of a logged user by directing them to visit a maliciously crafted web page. This effectively bypasses authentication for API calls. The vulnerability can be further exploited in conjunction with another issue to achieve complete account takeover.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade esphome to version 2024.3.0 or higher.

[2023.12.9,2024.3.0)
Go back to all versions of this package