
Fruttasecca

#31631 of 53,630
8.1 Total CVSS
Vulnerabilities · 1
PT-2022-24857
8.1
2022-09-30
Orchest · Orchest · CVE-2022-39268
**Name of the Vulnerable Software and Affected Versions**
Orchest versions prior to v2022.09.10

**Description**
The issue allows an attacker to trick an innocent end user into submitting a web request that they did not intend, potentially causing actions such as client or server data leakage, change of session state, or manipulation of an end user's account. This is related to a Cross-site Request Forgery (CSRF) attack.

**Recommendations**
Upgrade to v2022.09.10 to patch this vulnerability. As a temporary workaround, rebuild and redeploy the Orchest `auth-server` with the specified commit.