CVE-2020-7780

MEDIUM

com.softwaremill.akka-http-session <0.5.11 - CSRF

Description

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.

Scores

CVSS v3 6.3
EPSS 0.0065
EPSS Percentile 46.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

CWE
CWE-352
Status published
Products (4)
com.softwaremill.akka-http-session/core_2.11 0 - 0.5.11 (Maven)
com.softwaremill.akka-http-session/core_2.12 0 - 0.5.11 (Maven)
com.softwaremill.akka-http-session/core_2.13 0 - 0.5.11 (Maven)
softwaremill/akka-http-session < 0.5.11
Published Nov 27, 2020
Tracked Since Feb 18, 2026