PT-2020-21558 · Shopify · Polaris-React

Published: 2020-08-05 · Updated: 2020-08-05

CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Polaris-React versions prior to 1.1.1

Description: A CSRF vulnerability allows an attacker to update user settings under specific circumstances. The attacker would need the user to navigate to a malicious site while logged into the panel. The attacker cannot verify whether the update succeeded, nor read the user's settings.

Recommendations: For versions prior to 1.1.1, update to version 1.1.1 or later, which patches this issue by implementing the double-submit cookie pattern.

Fix

CSRF


Weakness Enumeration

Related Identifiers

GHSA-WHRH-9J4Q-G7PH

Affected Products

Polaris-React