Are you using Plack?

On Tue, 28 Jan 2025 at 13:33, <k...@ourlib.in> wrote:
>
> Hello,
> sorry to bother you again. Security team has raised the following concern,
> please guide me in fixing the same:
> ===============
> In Koha version 24.05, CSRF tokens are not getting validated during
> insert or update operations (e.g., creating a new patron). Even when the
> CSRF token is removed or invalid, Koha still processes the request and
> creates the new patron.
>
> Koha Version: 24.05
> Steps to Reproduce:
>
> Navigate to the patron creation form in Koha.
> Remove the CSRF token from the input and meta tags.
> Submit the form to create a new patron.
> The new patron is created successfully, despite the missing or
> invalid CSRF token.
>
>
> Koha v24.05 does not validate CSRF tokens correctly, potentially
> exposing the system to CSRF attacks.
> =================
>
> Regards,
> Vikram
>
> _______________________________________________
>
> Koha mailing list http://koha-community.org
> Koha@lists.katipo.co.nz
> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
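Added example (not from this thread and not Koha's own code): a small probe that turns the reproduction steps above into a repeatable check. It fetches the form, lifts the csrf_token value, then submits the same patron three times: with the genuine token, with the field removed, and with a forged value. A server is only counted as enforcing CSRF if the genuine submission succeeds and both bad ones are refused. The HTTP layer is behind a two-method client so the probe runs offline against a constructed stand-in (FakeKoha, which can be switched between the behaviour reported above and proper validation) or, via HttpClient, against a live instance using a staff session cookie you already hold. The paths, the field names and the op=cud-save value are assumptions for illustration, not verified Koha internals.

```python
"""Probe whether a patron-creation form still accepts a POST whose CSRF
token is missing or forged, mirroring the steps in the report above.
The HTTP layer is abstracted (get/post) so the same probe runs against
the offline stand-in server below or, via HttpClient, a real instance.
Paths and field names (memberentry.pl, csrf_token, op=cud-save) are
assumptions for illustration, not verified Koha internals."""
import hashlib
import hmac
import re
import secrets
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass

TOKEN_RE = re.compile(r'name="csrf_token"\s+value="([^"]+)"')


@dataclass
class Response:
    status: int
    body: str


def probe(client, form_path, action_path, fields):
    """Fetch the form, lift its token, then submit three variants.

    Returns {"with_token": status, "token_removed": status, "token_forged": status}.
    """
    m = TOKEN_RE.search(client.get(form_path).body)
    if not m:
        raise ValueError("form carries no csrf_token field")
    token = m.group(1)
    variants = {
        "with_token": {**fields, "csrf_token": token},
        "token_removed": dict(fields),                      # field deleted entirely
        "token_forged": {**fields, "csrf_token": "A" * len(token)},
    }
    return {name: client.post(action_path, data).status for name, data in variants.items()}


def csrf_enforced(results):
    """True only if the genuine token is accepted AND both bad variants are refused."""
    return (results["with_token"] < 400
            and results["token_removed"] >= 400
            and results["token_forged"] >= 400)


class FakeKoha:
    """Constructed stand-in: one session, token = HMAC(secret, session id).
    enforce=False reproduces the behaviour in the report (patron created anyway)."""

    def __init__(self, enforce):
        self.enforce = enforce
        self.secret = secrets.token_bytes(32)
        self.session_id = secrets.token_hex(16)
        self.patrons = []

    def _token(self):
        return hmac.new(self.secret, self.session_id.encode(), hashlib.sha256).hexdigest()

    def get(self, path):
        html = ('<form method="post" action="/cgi-bin/koha/members/memberentry.pl">'
                f'<input type="hidden" name="csrf_token" value="{self._token()}">'
                '<input name="surname"></form>')
        return Response(200, html)

    def post(self, path, fields):
        supplied = fields.get("csrf_token", "")
        # Constant-time comparison; a missing field compares as "" and fails.
        if self.enforce and not hmac.compare_digest(supplied, self._token()):
            return Response(403, "Wrong CSRF token")
        self.patrons.append(fields.get("surname"))
        return Response(200, "patron saved")


class HttpClient:
    """Client for a live instance; assumes you already hold a logged-in
    staff session cookie (e.g. copied from the browser). Not exercised offline."""

    def __init__(self, base_url, cookie):
        self.base_url, self.cookie = base_url.rstrip("/"), cookie

    def _request(self, path, data=None):
        req = urllib.request.Request(self.base_url + path, data=data,
                                     headers={"Cookie": self.cookie})
        try:
            with urllib.request.urlopen(req) as r:
                return Response(r.status, r.read().decode("utf-8", "replace"))
        except urllib.error.HTTPError as e:   # 4xx/5xx still carry a body
            return Response(e.code, e.read().decode("utf-8", "replace"))

    def get(self, path):
        return self._request(path)

    def post(self, path, fields):
        return self._request(path, urllib.parse.urlencode(fields).encode())


# Assumed paths/fields for illustration only.
FORM = "/cgi-bin/koha/members/memberentry.pl?op=add_form"
ACTION = "/cgi-bin/koha/members/memberentry.pl"
FIELDS = {"op": "cud-save", "surname": "Test", "categorycode": "PT", "branchcode": "CPL"}

if __name__ == "__main__":
    for enforce in (False, True):
        srv = FakeKoha(enforce)
        res = probe(srv, FORM, ACTION, FIELDS)
        print(f"enforce={enforce}: {res} -> enforced={csrf_enforced(res)}, "
              f"patrons created={len(srv.patrons)}")
```

Run as-is it reports the two stand-in modes; against a real instance replace the FakeKoha with HttpClient("https://staff.example", "CGISESSID=...") and use a throwaway surname, since a non-enforcing server will create a patron on each of the three submissions. The forged variant matters as much as the removed one: a check that only tests for the presence of the field, or that compares with ordinary string equality against a predictable value, passes the first case and fails the second.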