PT-2026-60923 · Sipeed · Picoclaw
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Sipeed PicoClaw versions prior to 0.2.10
Description
An issue exists in an unknown function within the
web/backend/api/auth.go file that allows remote attackers to perform cross-site request forgery (CSRF), a technique where a malicious website causes a user's web browser to perform an unwanted action on a different website where the user is authenticated.Recommendations
Apply patch 4b0229351678f479429b8d8b19207757266f246b to resolve the issue.
Exploit
Fix
Missing Authorization
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Picoclaw