CVE-2020-7993

CVE-2020-7993

EPSS 0.7%

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/prototypejs/prototype/blob/master/CHANGELOG https://medium.com/%40vbharad/improper-access-control-vulnerability-in-prototype-1-6-0-1-framework-379cc3a05079