CVE-2022-3274: rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
(updated )
rdiffwen prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user’s email ID. Version 2.4.7 has a fix for this issue.
References
- github.com/advisories/GHSA-gmj8-84r4-h46j
- github.com/ikus060/rdiffweb
- github.com/ikus060/rdiffweb/commit/e974df75bdbcff3996ad70bd1b4424ec1485ea3f
- github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-289.yaml
- huntr.dev/bounties/8834c356-4ddb-4be7-898b-d76f480e9c3f
- nvd.nist.gov/vuln/detail/CVE-2022-3274
Detect and mitigate CVE-2022-3274 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →