PT-2015-5970 · Orientdb · Orientdb Server Community Edition
Raffaela Frank · Published 2015-12-31 · Updated 2018-10-18 · CVE-2015-2912
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OrientDB Server Community Edition versions 2.0.0 through 2.0.14
OrientDB Server Community Edition version 2.1.0
Description
The JSONP endpoint in the Studio component does not properly restrict the value of the callback parameter. This allows remote attackers to conduct cross-site request forgery (CSRF) attacks and obtain sensitive information via a crafted HTTP request.
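The flaw class described above, an unrestricted JSONP callback, as an added example that is not OrientDB's code: a handler that echoes the callback verbatim beside one that allow-lists it, plus a check over constructed access-log lines for callback values that fail the allow-list. Paths, hosts and log format are constructed for the example.

```python
"""Illustrative JSONP callback handling (constructed example, not OrientDB code)."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Allow-list: a JavaScript identifier, optionally dot-separated.
# Only letters, digits, '_' and '$' may appear, so no parentheses, quotes,
# slashes or markup can reach the response body through the callback.
_CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$")
MAX_CALLBACK_LEN = 64


def is_safe_callback(name: str) -> bool:
    return 0 < len(name) <= MAX_CALLBACK_LEN and _CALLBACK_RE.match(name) is not None


def jsonp_unrestricted(callback: str, data: dict) -> str:
    """Weak pattern: the callback is echoed as-is, so the requester controls
    the start of the returned script body."""
    return f"{callback}({json.dumps(data)});"


def jsonp_hardened(callback: str, data: dict) -> str:
    """Hardened pattern: reject anything that is not a plain identifier.
    The leading comment is a common defence against the response being
    misinterpreted as another file type; the content type should be
    application/javascript, never text/html."""
    if not is_safe_callback(callback):
        raise ValueError("invalid JSONP callback")
    return f"/**/{callback}({json.dumps(data)});"


# Constructed log lines: "<client> <method> <request-target> <status>".
SAMPLE_LOG = [
    "10.0.0.5 GET /jsonp/data?callback=handleData 200",
    "10.0.0.9 GET /jsonp/data?callback=window.cb 200",
    "10.0.0.7 GET /jsonp/data?callback=alert(1)// 200",
    "10.0.0.7 GET /jsonp/data?callback=%3Cscript%3E 200",
    "10.0.0.8 GET /jsonp/data 200",
]


def suspicious_callbacks(lines):
    """Return (client, callback) pairs whose callback fails the allow-list."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        client, target = parts[0], parts[2]
        for cb in parse_qs(urlsplit(target).query).get("callback", []):
            if not is_safe_callback(cb):
                hits.append((client, cb))
    return hits
```

Run the check over real access logs to spot probing of a JSONP endpoint; the allow-list alone does not stop CSRF-style data disclosure, so sensitive data should not be served via JSONP at all.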
Recommendations
For OrientDB Server Community Edition versions 2.0.0 through 2.0.14, update to version 2.0.15 or later.
For OrientDB Server Community Edition version 2.1.0, update to version 2.1.1 or later.
Fix
CSRF
Affected Products
Orientdb Server Community Edition