eBay · Bevy Event Service · CVE-2025-54598
Name of the Vulnerable Software and Affected Versions:
The Bevy Event service versions through 2025-07-22
Description:
The Bevy Event service, used for eBay Seller Events and other activities, is susceptible to a Cross-Site Request Forgery (CSRF) issue. This flaw allows an attacker to delete all notifications by exploiting the `/notifications/delete/` API endpoint.
Recommendations:
Versions through 2025-07-22: Mitigate the issue by implementing CSRF protection mechanisms, such as synchronizer tokens, to verify that requests originate from trusted sources.
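The synchronizer-token check recommended above, sketched as an added example (not code from Bevy or eBay). The in-memory `SessionStore`, the `handle` function, and the `X-CSRF-Token` header name are assumptions made for illustration; only the `/notifications/delete/` path comes from the advisory.

```python
import hmac
import secrets

class SessionStore:
    """Constructed in-memory stand-in for server-side session storage."""
    def __init__(self):
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            # Synchronizer token: random, bound to this session, kept server-side.
            "csrf": secrets.token_urlsafe(32),
            "notifications": ["n1", "n2", "n3"],  # constructed sample data
        }
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

def csrf_ok(session, submitted):
    """Constant-time check of the submitted token against the session's token."""
    if not submitted:
        return False
    return hmac.compare_digest(session["csrf"].encode(), submitted.encode())

def handle(store, method, path, cookie_sid, headers):
    """Return an HTTP status code for one request (hypothetical handler)."""
    session = store.get(cookie_sid)
    if session is None:
        return 401
    if path != "/notifications/delete/":
        return 404
    if method != "POST":
        return 405  # never delete on a safe method such as GET
    # The browser can attach the session cookie on cross-site requests;
    # the token must be read from the page and sent explicitly by the client.
    if not csrf_ok(session, headers.get("X-CSRF-Token")):
        return 403
    session["notifications"].clear()
    return 204
```

A request that carries only the session cookie is rejected with 403 and the notifications stay in place; the same request with the session's token succeeds.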