Findings for SCA, High, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Cross-site Request Forgery (CSRF)
Created by: armorcodegithubpreprod[bot]
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): [2.3.20,2.3.29)
- Vulnerable Path: null
Overview
org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It mishandles token validation, which allows remote attackers to conduct CSRF attacks via unspecified vectors.
Snyk Project Status: Active