Cross-site Request Forgery (CSRF) Affecting products.pluggableauthservice package, versions [,2.6.3)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PRODUCTSPLUGGABLEAUTHSERVICE-1315825
- published 2 Jul 2021
- disclosed 2 Jul 2021
- credit Unknown
How to fix?
Upgrade Products.PluggableAuthService
to version 2.6.3 or higher.
Overview
Products.PluggableAuthService is a Pluggable Zope authentication / authorization framework
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to faulty CSRF token acces.
References
CVSS Scores
version 3.1