Cross-site Request Forgery (CSRF)
CVE-2021-23404

7.6HIGH

Key Information:

Vendor: Sqlite-web Project
Status: Sqlite-web
Vendor: CVE Published:; 8 September 2021

What is CVE-2021-23404?

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.

Affected Version(s)

sqlite-web 0

References

https://snyk.io/vuln/SNYK-PYTHON-SQLITEWEB-1316324

x_refsource_MISC

https://github.com/coleifer/sqlite-web/blob/2e7c85da3d37f...

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 8, 2021
Vulnerability Reserved
Jan 8, 2021

Credit

Yadhu Krishna M