CVE-2019-14933: Cross-Site Request Forgery (CSRF)

August 11, 2019 (updated August 14, 2019)

Bagisto allows CSRF under /admin URIs.

References

forums.bagisto.com/category/1/announcements
github.com/bagisto/bagisto/issues/750
nvd.nist.gov/vuln/detail/CVE-2019-14933

Detect and mitigate CVE-2019-14933 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →