CVE-2021-41764

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-41764
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41764.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-41764
Published
2021-09-29T20:15:08.703Z
Modified
2025-11-14T12:28:56.023286Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker.

References

Affected packages

Git / github.com/streamaserver/streama

Affected ranges

Type
GIT
Repo
https://github.com/streamaserver/streama
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.3.1_beta
1.3.3_beta

v0.*

v0.3.1
v0.3.2

v1.*

v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.20
v1.0.21
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.0.9_1
v1.1
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.2.1_beta
v1.2.3_beta
v1.2_beta
v1.3.0_beta
v1.3.2_beta
v1.4.0_beta
v1.4.1RC
v1.4.1RC2
v1.4.1RC3
v1.4.2
v1.5.1
v1.5.2
v1.6.0-FINAL
v1.6.0-RC1
v1.6.0-RC10
v1.6.0-RC2
v1.6.0-RC3
v1.6.0-RC4
v1.6.0-RC5
v1.6.0-RC6
v1.6.0-RC7
v1.6.0-RC8
v1.6.0-RC9
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v1.7.0-RC1
v1.7.0-RC10
v1.7.0-RC11
v1.7.0-RC12
v1.7.0-RC13
v1.7.0-RC2
v1.7.0-RC3
v1.7.0-RC4
v1.7.0-RC5
v1.7.0-RC6
v1.7.0-RC7
v1.7.0-RC8
v1.7.0-RC9
v1.7.1
v1.7.2
v1.7.3
v1.8.0-beta
v1.8.1
v1.8.2
v1.8.3
v1.9.0
v1.9.1
v1.9.2
v1.9.3