PT-2023-29269 · Wallabag · Wallabag

Published

2023-08-21

·

Updated

2023-08-24

·

CVE-2023-4454

CVSS v3.1

4.3

Medium

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

wallabag versions prior to 2.6.3

Description

wallabag prior to 2.6.3 does not protect its reset endpoints against Cross-Site Request Forgery (CSRF). The endpoints "/reset/annotations", "/reset/entries", "/reset/tags", and "/reset/archived" perform a destructive state change in response to a plain GET request, so an attacker who gets a logged-in user to load attacker-controlled content (for example an image tag or a link pointing at one of these URLs) can have the victim's browser, which attaches the session cookie automatically, wipe that user's annotations, entries (including the archived ones), or tags. No privileges on the instance are needed; the attacker only needs an authenticated user to interact with the lure, which is what the PR:N and UI:R components of the vector reflect.

Recommendations

For versions prior to 2.6.3, update to version 2.6.3 or higher. Treat this as a priority if the instance has more than one user and/or open registration, since any logged-in user who visits an attacker's page is a potential victim. As a temporary workaround until the update is applied, restrict access to the "/reset/" endpoints, for example at the reverse proxy in front of wallabag.
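As an added illustration, not code from the wallabag project (which is PHP), the Python model below contrasts the pre-2.6.3 shape of the reset route, where a plain GET from any authenticated browser wipes data, with the shape the fix takes, where the route accepts only POST and requires a per-session CSRF token. The route paths are the ones named above; the data model, the status codes, the handler and helper names, and the token scheme are assumptions made for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Route types named in the advisory; everything else here is an added model,
# not wallabag's own code.
RESET_TYPES = ("annotations", "entries", "tags", "archived")


@dataclass
class UserData:
    # Constructed sample data standing in for one user's library.
    entries: list = field(default_factory=lambda: ["entry-1", "entry-2"])
    archived: list = field(default_factory=lambda: ["archived-1"])
    annotations: list = field(default_factory=lambda: ["note-1"])
    tags: list = field(default_factory=lambda: ["tag-1", "tag-2"])


@dataclass
class Session:
    user: UserData
    # Per-session secret that the hardened route demands in the POST body.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    path: str
    # The browser attaches the session cookie even when another origin
    # triggered the request; that is the property CSRF abuses.
    session: Optional[Session]
    form: dict = field(default_factory=dict)


def _reset_type(path: str) -> Optional[str]:
    prefix = "/reset/"
    if not path.startswith(prefix):
        return None
    kind = path[len(prefix):]
    return kind if kind in RESET_TYPES else None


def vulnerable_reset(req: Request) -> int:
    """Pre-2.6.3 shape: an authenticated GET is enough to wipe the data."""
    kind = _reset_type(req.path)
    if kind is None:
        return 404
    if req.session is None:
        return 302  # redirect to login
    getattr(req.session.user, kind).clear()
    return 302  # redirect back to the config page


def hardened_reset(req: Request) -> int:
    """Fixed shape: POST only, body must carry this session's CSRF token."""
    kind = _reset_type(req.path)
    if kind is None:
        return 404
    if req.method != "POST":
        return 405
    if req.session is None:
        return 302
    supplied = req.form.get("token", "")
    # Constant-time comparison against the token bound to the session.
    if not hmac.compare_digest(supplied, req.session.csrf_token):
        return 403
    getattr(req.session.user, kind).clear()
    return 302


def forged_get(victim: Session, kind: str) -> Request:
    """What an <img src="https://wallabag.example/reset/<kind>"> on an attacker
    page produces: the victim's cookie is attached, there is no form body."""
    return Request("GET", f"/reset/{kind}", victim)


def forged_post(victim: Session, kind: str) -> Request:
    """Auto-submitted cross-site form: cookie attached, but the attacker cannot
    read the victim's token, so the best it can do is guess one."""
    return Request("POST", f"/reset/{kind}", victim, {"token": secrets.token_urlsafe(32)})


def legitimate_post(session: Session, kind: str) -> Request:
    """Same-origin form rendered by the application, carrying the real token."""
    return Request("POST", f"/reset/{kind}", session, {"token": session.csrf_token})


def demo() -> dict:
    """Run each request shape against both route versions; return (status, data left)."""
    results = {}
    victim = Session(UserData())
    results["vuln_forged_get"] = (vulnerable_reset(forged_get(victim, "annotations")),
                                  list(victim.user.annotations))
    victim = Session(UserData())
    results["fixed_forged_get"] = (hardened_reset(forged_get(victim, "annotations")),
                                   list(victim.user.annotations))
    results["fixed_forged_post"] = (hardened_reset(forged_post(victim, "entries")),
                                    list(victim.user.entries))
    results["fixed_legit_post"] = (hardened_reset(legitimate_post(victim, "entries")),
                                   list(victim.user.entries))
    results["unknown_type"] = hardened_reset(Request("POST", "/reset/everything", victim))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running the file prints each request's status and the data that survived. The forged requests succeed against the vulnerable route purely because the browser sends the victim's cookie; against the hardened route the forged GET is refused by method and the forged POST by the token check, while the same-origin form with the real token still works. Marking the session cookie SameSite adds defence in depth, but it does not replace the token check.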

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2023-4454
GHSA-p8gp-899c-jvq9
GHSA-rwpg-4c4c-v3r4

Affected Products

Wallabag