Cross-site Request Forgery (CSRF) Affecting io.hawt:project Open this link in a new tab package, versions [1.5.0,1.5.4)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
18 Feb 2018
17 Aug 2017
How to fix?
io.hawt:project to version 1.5.4 or higher.
io.hawt:project is an HTML5 web console with plugins for managing Java stuff.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). An attacker could trick the user to visit his website containing a malicious script which can be submitted to hawtio server on behalf of the user.