Cross-site Request Forgery (CSRF) Affecting com.orientechnologies:orientdb-server package, versions [,2.0.15) [2.1.0,2.1.1)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.5% (77^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-COMORIENTECHNOLOGIES-30334
published 20 Aug 2015
disclosed 20 Aug 2015
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 20 Aug 2015

CVE-2015-2912 Open this link in a new tab CWE-352 Open this link in a new tab

Overview

com.orientechnologies:orientdb-server The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.

Cross-site Request Forgery (CSRF) Affecting com.orientechnologies:orientdb-server package, versions [,2.0.15) [2.1.0,2.1.1)

Snyk CVSS

Threat Intelligence

Introduced: 20 Aug 2015

Overview

References