CVE-2020-24705: Session Hijacking
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager, API Manager Analytics, IS as Key Manager, Identity Server, Identity Server Analytics, and IoT Server.