Vulnerabilities > Octopus > Octopus Deploy > 2019.9.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-28 | CVE-2019-19375 | Cross-Site Request Forgery (CSRF) vulnerability in Octopus Deploy In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. | 5.3 |
| 2019-11-18 | CVE-2019-19084 | Unrestricted Upload of File with Dangerous Type vulnerability in Octopus Deploy In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details. | 4.3 |