CVE-2023-0735: Merge pull request #6289 from wallabag/2.5/fix-csrf-user-deletion · wallabag/wallabag@268372d

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.

@@ -794,7 +794,7 @@ public function testDeleteUserButtonVisibility() $this->assertGreaterThan(1, $body = $crawler->filter(‘body’)->extract([‘_text’])); $this->assertStringNotContainsString('config.form_user.delete.button’, $body[0]);
$client->request('GET’, ‘/account/delete’); $client->request('POST’, ‘/account/delete’); $this->assertSame(403, $client->getResponse()->getStatusCode());
$user = $em @@ -860,9 +860,9 @@ public function testDeleteAccount()
$crawler = $client->request('GET’, ‘/config’);
$deleteLink = $crawler->filter(‘.delete-account’)->last()->link(); $deleteForm = $crawler->filter('form[name=delete-account]')->form();
$client->click($deleteLink); $client->submit($deleteForm); $this->assertSame(302, $client->getResponse()->getStatusCode());
$em = $client->getContainer()->get(‘doctrine.orm.entity_manager’);
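
Review bot: In the first hunk (testDeleteUserButtonVisibility), the POST to /account/delete is sent with no form data, so the 403 assertion cannot tell "deletion is not permitted for this user" apart from "request rejected for a missing CSRF token". Since the hunk shows the request verb moving between GET and POST, it would also help to keep an explicit GET request to /account/delete in the test and assert that it is refused and leaves the user in place. That way a route that accepts GET again fails the suite.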
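
Review bot: The second hunk (testDeleteAccount) only covers the success path: it submits the form located with `form[name=delete-account]` as rendered and expects a 302. There is no negative case in the visible lines. Please add a test that submits the same form with its token field emptied or altered, then asserts both a non-redirect error status and, through the entity manager, that the user row still exists. Without that, the test passes whether or not the controller validates the token.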

Related news

GHSA-2qxp-xmx6-cq4f: Cross-Site Request Forgery (CSRF) in wallabag/wallabag
