CSRF Protection Bypass in Mirumee Saleor 2.7.0

CSRF Protection Bypass in Mirumee Saleor 2.7.0

CVE-2019-13594 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server.

Learn more about our Cis Benchmark Audit For Server Software.