Cross-site Request Forgery (CSRF) Affecting kotti package, versions [,1.3.2) [2.0.0a1,2.0.0b2)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
EPSS
0.11% (43rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-KOTTI-42093
- published 9 Apr 2018
- disclosed 3 Apr 2018
- credit Unknown
Introduced: 3 Apr 2018
CVE-2018-9856 Open this link in a new tabHow to fix?
Upgrade kotti
to version 1.3.2, 2.0.0b2 or higher.
Overview
kotti is a Pythonic web application framework based on Pyramid and SQLAlchemy.
Affected versions od this package are vulnerable to Cross Site Request Forgery (CSRF) in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@
share request.