GHSA-9vxf-mcm6-5m42

Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-9vxf-mcm6-5m42/GHSA-9vxf-mcm6-5m42.json
Aliases:
Published: 2022-09-22T00:00:21Z
Modified: 2022-09-22T23:01:28.080708Z
Details

rdiffweb prior to 2.4.6 is vulnerable to Cross-Site Request Forgery (CSRF), which could lead to disabling notifications in a user's profile.

References

Affected packages

PyPI / rdiffweb

rdiffweb

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 0
Fixed: 2.4.6

Affected versions

0.*

0.10.0
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9
0.9.2.dev1
0.9.3
0.9.4
0.9.5

1.*

1.0.0
1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.1b1
1.3.1b2
1.3.2
1.4.0
1.4.0b1
1.4.0b2
1.4.0b3
1.4.0b4
1.4.0b5
1.4.1b1
1.4.1b2
1.4.1b3
1.5.0
1.5.1b1
1.5.1b2
1.6.0b1

2.*

2.0.1b2
2.0.1b3
2.0.2
2.0.3a1
2.0.3a2
2.0.3a3
2.0.3a4
2.0.3a5
2.0.3a6
2.0.3a7
2.1.0
2.2.0
2.2.0.dev1
2.2.0a1
2.2.0a2
2.2.0a3
2.2.0a4
2.2.0a5
2.2.0a6
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5