This affects the package com.softwaremill.akka-http-session:core_2.13 prior to 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 prior to 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 prior to 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
softwaremill akka-http-session |