CVE-2020-28191

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-28191

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28191.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-28191

Aliases

GHSA-697v-pxg3-j262

Related

GHSA-697v-pxg3-j262

Published

2022-12-26T22:15:10Z

Modified

2025-10-21T05:51:23.426768Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The console in Togglz before 2.9.4 allows CSRF.

References

Affected packages

Git / github.com/togglz/togglz

Affected ranges

Type: GIT
Repo: https://github.com/togglz/togglz
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ed66e3f584de954297ebaf98ea4a235286784707

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.Alpha4

1.0.0.Alpha5

1.0.0.Alpha6

1.0.0.Final

1.1.0.Final

2.*

2.0.0.Alpha1

2.0.0.Beta1

2.0.0.Beta2

2.0.0.Final

2.0.0.RC1

2.1.0.Final

2.2.0.Final

2.3.0.Final

2.3.0.RC1

2.3.0.RC2

2.4.0.Final

2.4.0.RC1

2.5.0.Final

2.6.0.Final

2.7.0

2.7.1

2.7.2

2.8.0

2.9.0

2.9.1

2.9.2

2.9.3

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/togglz/togglz/commit/ed66e3f584de954297ebaf98ea4a235286784707",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2020-28191-2ca2fe09",
        "target": {
            "file": "console/src/main/java/org/togglz/console/handlers/edit/EditPageHandler.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "12207579817764205720094307330642010418",
                "76383969403441108609025026498130498960",
                "123289773922505499083256610594218990572",
                "123496317571994318484413838353952234913",
                "279274955540094229692798434998893336977",
                "69387283049142711970176562609484687797",
                "240297344135303215872978558451237412557",
                "102026923242023653881673165940697898183",
                "88230631937852424211219365011976606068",
                "176938735394971359788005032572627991058",
                "232339077217431613785497883405318464187",
                "103991873706079500223884094718757065108",
                "137498542003860960659483306970408141906",
                "135999910451877975673340178759142617569",
                "241401378363459846828343374613001452573",
                "163398980764563056878386707268740059983"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/togglz/togglz/commit/ed66e3f584de954297ebaf98ea4a235286784707",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2020-28191-7a3a53d3",
        "target": {
            "function": "process",
            "file": "console/src/main/java/org/togglz/console/handlers/edit/EditPageHandler.java"
        },
        "digest": {
            "length": 853.0,
            "function_hash": "103519041531238068259260245362167228932"
        },
        "signature_type": "Function"
    }
]