CVE-2020-35217

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-35217
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35217.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35217
Aliases
Published
2021-01-20T13:15:12Z
Modified
2024-05-14T08:08:38.684114Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token submitted in the request (header or form field) with the CSRF token in the cookie, it compares the CSRF token in the cookie against the CSRF token stored in the session. An attacker does not even need to supply a CSRF token in the request, because the framework never considers it. Since the browser attaches the cookie automatically to a cross-site request and the session copy already matches it, the verification always succeeds, which allows a CSRF attack.

Note that the affected-version list below is derived from a git range whose introducing commit is unknown ("Introduced 0"), so it also enumerates 3.x releases that the description itself does not name.
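The following is an added illustration of the flawed check described above next to a corrected one; it is example code written for this page, not Vert.x-Web's own implementation, and uses no Vert.x API. The cookie name, header name, session key and sample token are assumptions chosen for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Illustrative model of the flawed vs. corrected CSRF check. Plain Java, no Vert.x API;
// the cookie/header/session names below are assumptions chosen for this example.
public class CsrfCheckDemo {
    static final String TOKEN_COOKIE = "XSRF-TOKEN";
    static final String TOKEN_HEADER = "X-XSRF-TOKEN";
    static final String SESSION_KEY = "csrf-token";

    // Minimal stand-in for an inbound request plus its server-side session.
    static final class Request {
        final Map<String, String> cookies = new HashMap<>();
        final Map<String, String> headers = new HashMap<>();
        final Map<String, String> form = new HashMap<>();
        final Map<String, String> session = new HashMap<>();
    }

    // Constant-time comparison; null on either side counts as a mismatch.
    static boolean sameToken(String a, String b) {
        if (a == null || b == null) return false;
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // Flawed check as the advisory describes it: cookie vs. session only. The token the
    // client actually submitted in the request is never consulted.
    static boolean flawedCheck(Request r) {
        return sameToken(r.cookies.get(TOKEN_COOKIE), r.session.get(SESSION_KEY));
    }

    // Corrected check: the explicitly submitted token (header, else form field) must match
    // both the cookie and the session copy. A cross-site page can neither read the cookie
    // nor set a custom header, so a forged request cannot present a matching token.
    static boolean correctedCheck(Request r) {
        String submitted = r.headers.get(TOKEN_HEADER);
        if (submitted == null) submitted = r.form.get(TOKEN_COOKIE);
        return sameToken(submitted, r.cookies.get(TOKEN_COOKIE))
            && sameToken(submitted, r.session.get(SESSION_KEY));
    }

    public static void main(String[] args) {
        String token = "c2a1f4e7"; // constructed sample token; a real one is random per session

        // Legitimate same-origin request: page JavaScript copies the cookie value into the header.
        Request legit = new Request();
        legit.cookies.put(TOKEN_COOKIE, token);
        legit.session.put(SESSION_KEY, token);
        legit.headers.put(TOKEN_HEADER, token);

        // Forged cross-site request: the browser attaches the cookie automatically and the
        // session still holds the token, but the attacker's form supplies no token at all.
        Request forged = new Request();
        forged.cookies.put(TOKEN_COOKIE, token);
        forged.session.put(SESSION_KEY, token);

        System.out.println("legit  flawed=" + flawedCheck(legit)
                           + " corrected=" + correctedCheck(legit));
        System.out.println("forged flawed=" + flawedCheck(forged)
                           + " corrected=" + correctedCheck(forged));
    }
}
```

Run with `java CsrfCheckDemo.java` (Java 11 or later). The flawed check accepts both requests, because the only two values it compares are ones the server itself issued and the browser replays on every request; the corrected check rejects the forged request, since the submitted token is absent. The practical test for any double-submit implementation is the same: send a state-changing request with the cookie present but no token in the header or body, and it must be refused.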

References

Affected packages

Git / github.com/vert-x3/vertx-web

Affected ranges

Type
GIT
Repo
https://github.com/vert-x3/vertx-web
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected

Affected versions

3.*

3.0.0
3.0.0-milestone2
3.0.0-milestone3
3.0.0-milestone4
3.0.0-milestone5
3.0.0-milestone6
3.1.0
3.2.0
3.2.1
3.3.0
3.3.0.CR2
3.3.1
3.3.2
3.3.3
3.4.0
3.4.0.Beta1
3.4.1
3.4.2
3.5.0
3.5.0.Beta1
3.5.1
3.6.0
3.6.0.CR1
3.6.0.CR2

4.*

4.0.0-milestone1
4.0.0-milestone2
4.0.0-milestone4