Dismissed
Permalink
CVE-2023-49854
5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): LOW
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
4 packages
- caddy
- xcaddy
- vimPlugins.nvim-treesitter-parsers.caddy
- vscode-extensions.matthewpi.caddyfile-support
- @LeSuisse dismissed
WordPress Caddy Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce.This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7.
References
- https://patchstack.com/database/vulnerability/caddy/wordpress-caddy-plugin-1-9-… vdb-entry
- https://patchstack.com/database/vulnerability/caddy/wordpress-caddy-plugin-1-9-… vdb-entry x_transferred
- https://patchstack.com/database/vulnerability/caddy/wordpress-caddy-plugin-1-9-… vdb-entry
- https://patchstack.com/database/vulnerability/caddy/wordpress-caddy-plugin-1-9-… vdb-entry x_transferred
Affected products
caddy
- =<1.9.7
Ignored packages (4)
pkgs.caddy
Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
-
nixos-unstable -
- nixpkgs-unstable 2.10.2
pkgs.vimPlugins.nvim-treesitter-parsers.caddy
None
pkgs.vscode-extensions.matthewpi.caddyfile-support
Rich Caddyfile support for Visual Studio Code
-
nixos-unstable -
- nixpkgs-unstable 0.4.0