[SA 2020-001] Security flaws in CSRF prevention, CVE-2020-9369 #886

Closed
@ikedas

Version

6.2.38 to 6.2.52.

Installation method

Any.

Expected behavior

There is no flaw.

Actual behavior

Sympa SA 2020-001 (candidate). Denial of service caused by malformed CSRF token.

Additional information

  • A security advisory will be published later.
  • A pull request has been prepared and will be submitted soon.
  • A new version of Sympa and a patch will be released.
