Skip to content

Cross-site request forgery

Moderate
1modm published GHSA-923q-f7h8-8gw9 Apr 12, 2022

Package

petereport (python)

Affected versions

0.5

Patched versions

0.6

Description

Impact

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application.

Workarounds

Update to 0.6 release

Severity

Moderate

CVE ID

CVE-2022-23052

Weaknesses