<p>Upgrade <code>com.softwaremill.akka-http-session:core_2.12</code> to version 0.5.11 or higher.</p>

Cross-site Request Forgery (CSRF) Affecting com.softwaremill.akka-http-session:core_2.12 package, versions [,0.5.11)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Threat Intelligence

EPSS 0.18% (56^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046654
published 27 Nov 2020
disclosed 10 Mar 2020
credit Willem Vermeer

Report a new vulnerability Found a mistake?

Introduced: 10 Mar 2020

CVE-2020-7780 Open this link in a new tab CWE-352 Open this link in a new tab First added by Snyk

How to fix?

Upgrade com.softwaremill.akka-http-session:core_2.12 to version 0.5.11 or higher.

Overview

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.