CVE-2020-7780 MEDIUM

CVE-2020-7780: Cross-site Request Forgery (CSRF)

Vendor N/A
Product com.softwaremill.akka-http-session:core_2.13
Published November 27, 2020
Last update September 17, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.

Key dates

02Disclosure timeline

November 27, 2020 CVE published
September 17, 2024 Record updated