CVE-2024-55500: Avenwu Whistle Cross-Site Request Forgery (CSRF)

December 10, 2024

Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim’s machine.

References

github.com/advisories/GHSA-gg6x-448q-pqqm
github.com/avwo/whistle
github.com/avwo/whistle/commit/d1b8ca275dc4e453bd2efed392c0fd4b92f73cdf
nvd.nist.gov/vuln/detail/CVE-2024-55500
www.sonarsource.com/blog/never-underestimate-csrf-why-origin-reflection-is-a-bad-idea

Detect and mitigate CVE-2024-55500 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →