CVE-2021-28490: CSRF
First published: Thu Aug 19 2021(Updated: )
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OWASP CSRFGuard | <=3.1.0 | |
| OWASP CSRFGuard | =4.0-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2021-28490.
What is the title of this vulnerability?
The title of this vulnerability is 'In OWASP CSRFGuard through 3.1.0 CSRF can occur because the CSRF cookie may be retrieved by using on…'
What is the severity of this vulnerability?
The severity of this vulnerability is high.
How does this vulnerability occur?
This vulnerability occurs because the CSRF cookie may be retrieved by using only a session token.
What is the affected software?
The affected software is OWASP CSRFGuard versions 3.1.0 and 4.0-rc1.
How can I fix this vulnerability?
To fix this vulnerability, you should update OWASP CSRFGuard to a version that is not affected.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/owasp
- canonical/owasp csrfguard
- version/owasp csrfguard/3.1.0
- version/owasp csrfguard/4.0-rc1