PYSEC-2018-10
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/kotti/PYSEC-2018-10.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2018-10
- Aliases
- Published
- 2018-04-09T07:29:00Z
- Modified
- 2023-11-01T04:49:43.085431Z
- Summary
- [none]
- Details
-
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
- References
Affected packages
PyPI / kotti
Package
- Name
- kotti
- View open source insights on deps.dev
- Purl
- pkg:pypi/kotti
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.2
Affected versions
0.*
0.1a1
0.1a2
0.1a3
0.1a4
0.1a5
0.1a6
0.1a7
0.1a8
0.1a9
0.1
0.1.1
0.2a1
0.2a2
0.2
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.5.0a1
0.5.0a2
0.5.0a3
0.5.0a4
0.5.0a5
0.5.0a6
0.5.0a7
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.6.0b1
0.6.0b2
0.6.0b3
0.6.0
0.6.1
0.6.2
0.6.3
0.7a1
0.7a2
0.7a3
0.7a4
0.7a5
0.7a6
0.7rc1
0.7
0.7.1
0.7.2
0.8a1
0.8a2
0.8b1
0.8b2
0.8
0.9a1
0.9a2
0.9b1
0.9b2
0.9
0.9.1
0.9.2
0.10a1
0.10a2
0.10a3
0.10a4
0.10b1
1.*
1.0.0-alpha
1.0.0-alpha.2
1.0.0-alpha.3
1.0.0-alpha.4
1.0.0
1.1.0-alpha.1
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0a1
1.3.0a2
1.3.0a3
1.3.0a4
1.3.0
1.3.1