GHSA-9vxf-mcm6-5m42

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-9vxf-mcm6-5m42/GHSA-9vxf-mcm6-5m42.json

Aliases

CVE-2022-3233 ( PYSEC-2022-285 )

Published

2022-09-22T00:00:21Z

Modified

2022-09-22T23:01:28.080708Z

Details

rdiffweb prior to 2.4.6 is vulnerable to Cross-Site Request Forgery (CSRF), which could lead to disabling notifications in a user's profile.

References

Affected packages

PyPI / rdiffweb

rdiffweb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

2.4.6

Affected versions

0.*

0.10.0

0.10.2

0.10.3

0.10.4

0.10.5

0.10.6

0.10.7

0.10.8

0.10.9

0.9.2.dev1

0.9.3

0.9.4

0.9.5

1.*

1.0.0

1.0.0a1

1.0.0a2

1.0.0a3

1.0.0a4

1.0.1

1.0.2

1.0.3

1.1.0

1.2.0

1.2.1

1.2.2

1.3.0

1.3.1

1.3.1b1

1.3.1b2

1.3.2

1.4.0

1.4.0b1

1.4.0b2

1.4.0b3

1.4.0b4

1.4.0b5

1.4.1b1

1.4.1b2

1.4.1b3

1.5.0

1.5.1b1

1.5.1b2

1.6.0b1

2.*

2.0.1b2

2.0.1b3

2.0.2

2.0.3a1

2.0.3a2

2.0.3a3

2.0.3a4

2.0.3a5

2.0.3a6

2.0.3a7

2.1.0

2.2.0

2.2.0.dev1

2.2.0a1

2.2.0a2

2.2.0a3

2.2.0a4

2.2.0a5

2.2.0a6

2.2.1

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5