CVE-2016-4808: Cross-Site Request Forgery (CSRF)

January 11, 2017 (updated January 19, 2017)

Web2py is affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user to perform some unwanted actions. An attacker can trick a victim to disable the installed application just by sending a URL to victim.

References

nvd.nist.gov/vuln/detail/CVE-2016-4808
www.exploit-db.com/exploits/39821/

Code Behaviors & Features

Detect and mitigate CVE-2016-4808 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →