RSS   Vulnerabilities for 'Webargs'   RSS

2020-01-29
 
CVE-2020-7965

CWE-352
 

 
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF.

 


Copyright 2024, cxsecurity.com

 

Back to Top