An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNjYtNmNjMy02eG04
CSRF issue on preview pages in Bolt CMS
Bolt CMS lacked CSRF protection on the preview-generating endpoint. Previews are intended to be generated by admins, developers, chief editors, and editors, who are authorized to create content in the application. Due to the lack of proper CSRF protection, unauthorized users could generate a preview.
This has been fixed in Bolt 3.7.1.
Related issue: https://github.com/bolt/bolt/pull/7853
Permalink: https://github.com/advisories/GHSA-2q66-6cc3-6xm8
Source: GitHub Advisory Database
Published: almost 3 years ago
Updated: 4 months ago
CVSS Score: 8.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Identifiers: GHSA-2q66-6cc3-6xm8, CVE-2020-4040
Package: packagist:bolt/bolt
Versions: < 3.7.1
Fixed in: 3.7.1