CVE-2022-24947: Cross-Site Request Forgery (CSRF)

February 25, 2022 (updated March 4, 2022)

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.

References

www.openwall.com/lists/oss-security/2022/02/25/1
lists.apache.org/thread/txrgykjkpt80t57kzpbjo8kfrv8ss02c
nvd.nist.gov/vuln/detail/CVE-2022-24947

Code Behaviors & Features

Detect and mitigate CVE-2022-24947 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →