Vulnerabilities > Casbin > Casdoor > 1.29.2

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-34927 Cross-Site Request Forgery (CSRF) vulnerability in Casbin Casdoor
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password.
network
low complexity
casbin CWE-352
6.5
2022-12-07 CVE-2022-44942 Path Traversal vulnerability in Casbin Casdoor
Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.
network
low complexity
casbin CWE-22
8.1