Skip to content

No CSRF form token cleanup on Windows servers

Moderate
piRGoif published GHSA-cxw7-2x7h-f7pr Jul 21, 2021

Package

No package listed

Affected versions

<2.7.4 <3.0.0

Patched versions

2.7.4, 3.0.0

Description

Impact

As on Windows servers no cleanup is done on CSRF tokens, they can be reused by a malicious user.

Patches

Fixed in 2.7.4 and 3.0.0

References

Combodo ref N°3728

Credits

Internal.

For more information

If you have any questions or comments about this advisory:
Email us at [email protected]

Severity

Moderate

CVE ID

CVE-2021-32776

Weaknesses

No CWEs