GHSA-74j6-3hh4-w3f5

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-74j6-3hh4-w3f5/GHSA-74j6-3hh4-w3f5.json
Aliases
Published
2022-09-23T00:00:30Z
Modified
2022-11-22T00:48:57.383215Z
Details

rdiffweb prior to 2.4.6 is vulnerable to cross-site request forgery on the repository settings. A malicious user can change the settings of a repository by sending a URL to the victim. This issue is fixed in version 2.4.6.

References

Affected packages

PyPI / rdiffweb

rdiffweb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
2.4.6

Affected versions

0.*

0.10.0
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9
0.9.2.dev1
0.9.3
0.9.4
0.9.5

1.*

1.0.0
1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.1b1
1.3.1b2
1.3.2
1.4.0
1.4.0b1
1.4.0b2
1.4.0b3
1.4.0b4
1.4.0b5
1.4.1b1
1.4.1b2
1.4.1b3
1.5.0
1.5.1b1
1.5.1b2
1.6.0b1

2.*

2.0.1b2
2.0.1b3
2.0.2
2.0.3a1
2.0.3a2
2.0.3a3
2.0.3a4
2.0.3a5
2.0.3a6
2.0.3a7
2.1.0
2.2.0
2.2.0.dev1
2.2.0a1
2.2.0a2
2.2.0a3
2.2.0a4
2.2.0a5
2.2.0a6
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5