archivy is vulnerable to Cross-Site Request Forgery (CSRF) · CVE-2021-4162 · GitHub Advisory Database · GitHub

archivy is vulnerable to Cross-Site Request Forgery (CSRF)

Moderate severity GitHub Reviewed Published Jan 6, 2022 to the GitHub Advisory Database • Updated Sep 12, 2024

Package

archivy (pip)

Affected versions

< 1.6.2

Patched versions

1.6.2

Description

archivy is vulnerable to Cross-Site Request Forgery (CSRF). There is a fix available in the master branch.

References

Published by the National Vulnerability Database

Dec 25, 2021

Reviewed Jan 5, 2022

Published to the GitHub Advisory Database Jan 6, 2022

Last updated Sep 12, 2024

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Passive

Vulnerable System Impact Metrics

Confidentiality None

Integrity Low

Availability None

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N