PyPi: Pyramid-Weblayer

PVE-2021-26052

Safety vulnerability ID: 26052

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 14, 2021 Updated at Dec 09, 2022

Advisory

pyramid-weblayer before 0.12 does not protect AJAX requests through the CSRF machinery.

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

pyramid-weblayer

Latest version: 0.14.7

Common / reusable utilities for a Pyramid web application.

Affected versions

Fixed versions

Vulnerability changelog

Breaking change: update CSRF machinery to also protect AJAX requests, as per [this secur…

[This text has been limited. Please create a free account to view the full text.]

Resources