[GHSA-4g88-4hgm-m99x] NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability #2972

MarkLee131 · 2023-11-22T06:53:51Z

Updates

Affected products
References

Comments
Add patch commit for v3.1.1: nasa/openmct@4e95e12
which belongs to this PR: nasa/openmct#7148
And they were mentioned in the release notes for v3.1.1: https://github.com/nasa/openmct/releases/tag/v3.1.1: "cherry-pick(#7144): fix(#7143): add eslint-plugin-no-unsanitized and fix errors by @ozyx in #7148
Fixes CVE-2023-45884, CVE-2023-45885" .

advisory-database · 2023-11-22T17:02:06Z

Hi @MarkLee131! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

Improve GHSA-4g88-4hgm-m99x

3986b2b

github-actions bot changed the base branch from main to MarkLee131/advisory-improvement-2972 November 22, 2023 06:54

advisory-database bot merged commit d6e47ab into MarkLee131/advisory-improvement-2972 Nov 22, 2023
2 checks passed

advisory-database bot deleted the MarkLee131-GHSA-4g88-4hgm-m99x branch November 22, 2023 17:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-4g88-4hgm-m99x] NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability #2972

[GHSA-4g88-4hgm-m99x] NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability #2972

MarkLee131 commented Nov 22, 2023

advisory-database bot commented Nov 22, 2023

[GHSA-4g88-4hgm-m99x] NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability #2972

[GHSA-4g88-4hgm-m99x] NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability #2972

Conversation

MarkLee131 commented Nov 22, 2023

advisory-database bot commented Nov 22, 2023