Cross-Site Request Forgery (CSRF) in keystone
High severity
GitHub Reviewed
Published Nov 30, 2017 to the GitHub Advisory Database • Updated Jan 9, 2023
Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Request Forgery (CSRF). The package fails to validate the presence of the X-CSRF-Token header, which may allow attackers to carry out actions on behalf of other users on all endpoints.
Recommendation
Update to version 4.0.0 or later.
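For teams auditing their own handlers for the same class of bug, the check the advisory describes as missing looks like the following. This is an added example, not keystone's code: the function names, the result shape and the sample token are assumptions made for illustration, and the request object only mirrors the `method` and lower-cased `headers` fields that Node's http module provides.

```javascript
// Added illustration (hypothetical names, not keystone's implementation):
// reject state-changing requests whose X-CSRF-Token header is absent or
// does not match the token issued to the session.

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Compare two strings without returning early on the first difference.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  const len = Math.max(a.length, b.length);
  for (let i = 0; i < len; i++) {
    // charCodeAt past the end yields NaN, which bitwise XOR treats as 0.
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// req: { method, headers }; sessionToken: token stored server-side for the session.
function checkCsrf(req, sessionToken) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { allowed: true, reason: 'safe-method' };
  }
  if (typeof sessionToken !== 'string' || sessionToken.length === 0) {
    return { allowed: false, reason: 'no-session-token' };
  }
  const sent = req.headers['x-csrf-token'];
  // Presence is checked explicitly: an absent header must fail closed.
  if (typeof sent !== 'string' || sent.length === 0) {
    return { allowed: false, reason: 'missing-header' };
  }
  if (!constantTimeEqual(sent, sessionToken)) {
    return { allowed: false, reason: 'token-mismatch' };
  }
  return { allowed: true, reason: 'token-ok' };
}

// Constructed sample requests (not taken from the advisory).
const TOKEN = 'constructed-sample-token-1234';
const SAMPLES = [
  { method: 'GET', headers: {} },
  { method: 'POST', headers: {} },
  { method: 'POST', headers: { 'x-csrf-token': 'wrong-value' } },
  { method: 'DELETE', headers: { 'x-csrf-token': TOKEN } },
];

function runSamples() {
  return SAMPLES.map((req) => checkCsrf(req, TOKEN).reason);
}

console.log(runSamples());
```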