Lookup for vulnerable packages by Package URL.

Purl pkg:composer/wallabag/wallabag@2.3.7
Type composer
Namespace wallabag
Name wallabag
Version 2.3.7
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.6.11
Latest_non_vulnerable_version 2.6.11
Affected_by_vulnerabilities
0
url VCID-2g1k-7bhh-w3gd
vulnerability_id VCID-2g1k-7bhh-w3gd
summary Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4455
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.35971
published_at 2026-06-12T12:55:00Z
1
value 0.00153
scoring_system epss
scoring_elements 0.3579
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4455
1
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
2
reference_url https://github.com/wallabag/wallabag/security/advisories/GHSA-gjvc-55fw-v6vq
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/security/advisories/GHSA-gjvc-55fw-v6vq
3
reference_url https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a/
reference_id
reference_type
scores
url https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a/
4
reference_url https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a
reference_id 5ab1b206-5fe8-4737-b275-d705e76f193a
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:03:23Z/
url https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a
5
reference_url https://github.com/wallabag/wallabag/commit/ffcc5c9062fcc8cd922d7d6d65edbe5efae96806
reference_id ffcc5c9062fcc8cd922d7d6d65edbe5efae96806
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:03:23Z/
url https://github.com/wallabag/wallabag/commit/ffcc5c9062fcc8cd922d7d6d65edbe5efae96806
6
reference_url https://github.com/advisories/GHSA-gjvc-55fw-v6vq
reference_id GHSA-gjvc-55fw-v6vq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjvc-55fw-v6vq
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.6.3
purl pkg:composer/wallabag/wallabag@2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2y3q-gces-gbdx
1
vulnerability VCID-jzng-319m-8feu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.6.3
aliases CVE-2023-4455, GHSA-gjvc-55fw-v6vq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2g1k-7bhh-w3gd
1
url VCID-2y3q-gces-gbdx
vulnerability_id VCID-2y3q-gces-gbdx
summary
Wallabag user can disable 2FA unintentionally
## Impact
wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily disable 2FA through `/config/otp/app/disable` and `/config/otp/email/disable`.

This vulnerability has a CVSSv3.1 score of 4.3.

**You should upgrade your instance to version 2.6.7 or higher.**

## Resolution

These endpoints now require the POST method.

## Credits

We would like to thank @dhina016 for reporting this issue through huntr.dev.

Reference: https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487/
references
0
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
1
reference_url https://github.com/wallabag/wallabag/commit/0cfdddc2eb0aee5ffb69bf499d377d75655ba157
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/0cfdddc2eb0aee5ffb69bf499d377d75655ba157
2
reference_url https://github.com/wallabag/wallabag/security/advisories/GHSA-56fm-hfp3-x3w3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/security/advisories/GHSA-56fm-hfp3-x3w3
3
reference_url https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487
4
reference_url https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487/
reference_id
reference_type
scores
url https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487/
5
reference_url https://github.com/advisories/GHSA-56fm-hfp3-x3w3
reference_id GHSA-56fm-hfp3-x3w3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56fm-hfp3-x3w3
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.6.7
purl pkg:composer/wallabag/wallabag@2.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jzng-319m-8feu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.6.7
aliases GHSA-56fm-hfp3-x3w3, GMS-2023-2789
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2y3q-gces-gbdx
2
url VCID-65q9-n4jm-k3cw
vulnerability_id VCID-65q9-n4jm-k3cw
summary Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0736
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.52959
published_at 2026-06-12T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52831
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0736
1
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0736
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0736
3
reference_url https://github.com/wallabag/wallabag/commit/4e023bddc3622ba5e901cc14a261fcb98d955cd7
reference_id 4e023bddc3622ba5e901cc14a261fcb98d955cd7
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:31:50Z/
url https://github.com/wallabag/wallabag/commit/4e023bddc3622ba5e901cc14a261fcb98d955cd7
4
reference_url https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e
reference_id 7e6f9614-6a96-4295-83f0-06a240be844e
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:31:50Z/
url https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e
5
reference_url https://github.com/advisories/GHSA-3x2c-87cq-qx49
reference_id GHSA-3x2c-87cq-qx49
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3x2c-87cq-qx49
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.5.4
purl pkg:composer/wallabag/wallabag@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g1k-7bhh-w3gd
1
vulnerability VCID-2y3q-gces-gbdx
2
vulnerability VCID-jzng-319m-8feu
3
vulnerability VCID-mwh5-ud4b-83fk
4
vulnerability VCID-w4ye-ytxq-4qaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.4
aliases CVE-2023-0736, GHSA-3x2c-87cq-qx49
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65q9-n4jm-k3cw
3
url VCID-69dq-pg6x-zffy
vulnerability_id VCID-69dq-pg6x-zffy
summary Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0609
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.37072
published_at 2026-06-12T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.36894
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0609
1
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
2
reference_url https://github.com/wallabag/wallabag/security/advisories/GHSA-qwx8-mxxx-mg96
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/security/advisories/GHSA-qwx8-mxxx-mg96
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0609
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0609
4
reference_url https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb
reference_id 0f7460dbab9e29f4f7d2944aca20210f828b6abb
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:18:03Z/
url https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb
5
reference_url https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0
reference_id 3adef66f-fc86-4e6d-a540-2ffa59342ff0
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:18:03Z/
url https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0
6
reference_url https://github.com/advisories/GHSA-qwx8-mxxx-mg96
reference_id GHSA-qwx8-mxxx-mg96
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwx8-mxxx-mg96
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.5.3
purl pkg:composer/wallabag/wallabag@2.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g1k-7bhh-w3gd
1
vulnerability VCID-2y3q-gces-gbdx
2
vulnerability VCID-65q9-n4jm-k3cw
3
vulnerability VCID-epmp-j39p-puen
4
vulnerability VCID-jzng-319m-8feu
5
vulnerability VCID-tzbv-2x21-dybb
6
vulnerability VCID-w4ye-ytxq-4qaw
7
vulnerability VCID-yytf-h8rc-zuaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.3
aliases CVE-2023-0609, GHSA-qwx8-mxxx-mg96
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69dq-pg6x-zffy
4
url VCID-epmp-j39p-puen
vulnerability_id VCID-epmp-j39p-puen
summary Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0734
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.52995
published_at 2026-06-12T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52866
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0734
1
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
2
reference_url https://github.com/wallabag/wallabag/releases/tag/2.5.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/releases/tag/2.5.4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0734
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0734
4
reference_url https://huntr.dev/bounties/a296324c-6925-4f5f-a729-39b0d73d5b8b
reference_id a296324c-6925-4f5f-a729-39b0d73d5b8b
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:29:19Z/
url https://huntr.dev/bounties/a296324c-6925-4f5f-a729-39b0d73d5b8b
5
reference_url https://github.com/wallabag/wallabag/commit/acd285dcbb71b595e6320bb1d0d3a44cdf646ac0
reference_id acd285dcbb71b595e6320bb1d0d3a44cdf646ac0
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:29:19Z/
url https://github.com/wallabag/wallabag/commit/acd285dcbb71b595e6320bb1d0d3a44cdf646ac0
6
reference_url https://github.com/advisories/GHSA-8ccw-f83g-v7g3
reference_id GHSA-8ccw-f83g-v7g3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8ccw-f83g-v7g3
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.5.4
purl pkg:composer/wallabag/wallabag@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g1k-7bhh-w3gd
1
vulnerability VCID-2y3q-gces-gbdx
2
vulnerability VCID-jzng-319m-8feu
3
vulnerability VCID-mwh5-ud4b-83fk
4
vulnerability VCID-w4ye-ytxq-4qaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.4
aliases CVE-2023-0734, GHSA-8ccw-f83g-v7g3
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epmp-j39p-puen
5
url VCID-jzng-319m-8feu
vulnerability_id VCID-jzng-319m-8feu
summary
wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
## Impact

wallabag versions prior to 2.6.11 were discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities across several endpoints. An attacker could craft a malicious link or page that, if visited by a logged-in wallabag user, could trick the user's browser into performing unintended actions within their wallabag account without their consent. Additionally, one endpoint affects the login page locale setting.

The affected endpoints allow attackers to potentially perform actions such as:

* **Manage API Tokens:**
    * `/generate-token`
    * `/revoke-token`
* **Manage User Rules:**
    * `/tagging-rule/delete/{taggingRule}`
    * `/ignore-origin-user-rule/delete/{ignoreOriginUserRule}`
* **Modify User Configuration:**
    * `/config/view-mode`
* **Manage Individual Entries:**
    * `/reload/{id}`
    * `/archive/{id}`
    * `/star/{id}`
    * `/delete/{id}`
    * `/share/{id}`
    * `/share/delete/{id}`
* **Manage Tags:**
    * `/remove-tag/{entry}/{tag}`
    * `/tag/search/{filter}`
    * `/tag/delete/{slug}`
* **Perform Bulk Actions:**
    * `/mass`
* **Change Interface Language (Login Page):**
    * `/locale/{language}`

Successfully exploiting these vulnerabilities could lead to unauthorized modification or deletion of user data, configuration changes, token manipulation, or interface changes, depending on the specific endpoint targeted.

This set of vulnerabilities has an aggregated CVSS v3.1 score of 4.3 (Medium).

**Users are strongly advised to upgrade their wallabag instance to version 2.6.11 or later to mitigate these vulnerabilities.**

## Resolution

These vulnerabilities have been addressed in wallabag version **2.6.11**. The affected endpoints have been modified to require the HTTP POST method along with a valid CSRF token for state-changing actions, preventing attackers from forcing users' browsers to perform these actions unintentionally.

## Credits

Found, reported and fixed by @yguedidi
references
0
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
1
reference_url https://github.com/wallabag/wallabag/commit/00d0e6f951927434039465b4d3ae3dd661911172
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/00d0e6f951927434039465b4d3ae3dd661911172
2
reference_url https://github.com/wallabag/wallabag/commit/0d8429dfc77b84f50060b253fd84f1c09b892226
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/0d8429dfc77b84f50060b253fd84f1c09b892226
3
reference_url https://github.com/wallabag/wallabag/commit/264f91126e2c42188b80848c881264da743b4dc1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/264f91126e2c42188b80848c881264da743b4dc1
4
reference_url https://github.com/wallabag/wallabag/commit/27f0d94db72fb2a54b5965e4e9908a0f418f44b5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/27f0d94db72fb2a54b5965e4e9908a0f418f44b5
5
reference_url https://github.com/wallabag/wallabag/commit/3817010e29ed368df271cdd11ec71a46a341c673
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/3817010e29ed368df271cdd11ec71a46a341c673
6
reference_url https://github.com/wallabag/wallabag/commit/5ea5115a721651f2af349e8451be8947dad9c814
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/5ea5115a721651f2af349e8451be8947dad9c814
7
reference_url https://github.com/wallabag/wallabag/commit/677b2986bc78df4c7ecfed87a24593fa0553fd3c
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/677b2986bc78df4c7ecfed87a24593fa0553fd3c
8
reference_url https://github.com/wallabag/wallabag/commit/6fa61c0f9c48d37625c92a8913b487230761fb47
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/6fa61c0f9c48d37625c92a8913b487230761fb47
9
reference_url https://github.com/wallabag/wallabag/commit/99c8a06594d6ee7480ce4d041ccff3025b353656
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/99c8a06594d6ee7480ce4d041ccff3025b353656
10
reference_url https://github.com/wallabag/wallabag/commit/ac5b5fb379233d6e96ea14ae21b7f88761d5fa3f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/ac5b5fb379233d6e96ea14ae21b7f88761d5fa3f
11
reference_url https://github.com/wallabag/wallabag/commit/cf49be694089667bbab9f10d52862fbdba9a89de
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/cf49be694089667bbab9f10d52862fbdba9a89de
12
reference_url https://github.com/wallabag/wallabag/commit/d1e128900acc0cb8c88eb7a085c9ef5420cf0c43
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/d1e128900acc0cb8c88eb7a085c9ef5420cf0c43
13
reference_url https://github.com/wallabag/wallabag/commit/d703fa6a3a75f7c3b433e8caf618bfb0a9a0ba63
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/d703fa6a3a75f7c3b433e8caf618bfb0a9a0ba63
14
reference_url https://github.com/wallabag/wallabag/commit/ddf2e808422e41ea55cebf2aa12eb1823c5c340a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/ddf2e808422e41ea55cebf2aa12eb1823c5c340a
15
reference_url https://github.com/wallabag/wallabag/commit/e162408139ac9bb12e69f4d49de45ade49369c21
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/e162408139ac9bb12e69f4d49de45ade49369c21
16
reference_url https://github.com/wallabag/wallabag/commit/eb8408b22fbaa6b3d78047d6203b23b7f52bbf03
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/eb8408b22fbaa6b3d78047d6203b23b7f52bbf03
17
reference_url https://github.com/wallabag/wallabag/commit/ed1acf59e166a2a6bb81c52baaeabd6196feae98
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/ed1acf59e166a2a6bb81c52baaeabd6196feae98
18
reference_url https://github.com/wallabag/wallabag/commit/edffef837598355c9bec433c469f1e04c35b27cb
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/commit/edffef837598355c9bec433c469f1e04c35b27cb
19
reference_url https://github.com/wallabag/wallabag/security/advisories/GHSA-5pm7-cp8f-p2c2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/security/advisories/GHSA-5pm7-cp8f-p2c2
20
reference_url https://github.com/advisories/GHSA-5pm7-cp8f-p2c2
reference_id GHSA-5pm7-cp8f-p2c2
reference_type
scores
url https://github.com/advisories/GHSA-5pm7-cp8f-p2c2
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.6.11
purl pkg:composer/wallabag/wallabag@2.6.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.6.11
aliases GHSA-5pm7-cp8f-p2c2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzng-319m-8feu
6
url VCID-qjcv-xawp-s3b3
vulnerability_id VCID-qjcv-xawp-s3b3
summary Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0610
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.37114
published_at 2026-06-11T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.37293
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0610
1
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
2
reference_url https://github.com/wallabag/wallabag/security/advisories/GHSA-mrqx-mjc4-vfh3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/security/advisories/GHSA-mrqx-mjc4-vfh3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0610
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0610
4
reference_url https://github.com/wallabag/wallabag/commit/5ac6b6bff9e2e3a87fd88c2904ff3c6aac40722e
reference_id 5ac6b6bff9e2e3a87fd88c2904ff3c6aac40722e
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:07:00Z/
url https://github.com/wallabag/wallabag/commit/5ac6b6bff9e2e3a87fd88c2904ff3c6aac40722e
5
reference_url https://huntr.dev/bounties/8fdd9b31-d89b-4bbe-9557-20b960faf926
reference_id 8fdd9b31-d89b-4bbe-9557-20b960faf926
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:07:00Z/
url https://huntr.dev/bounties/8fdd9b31-d89b-4bbe-9557-20b960faf926
6
reference_url https://github.com/advisories/GHSA-mrqx-mjc4-vfh3
reference_id GHSA-mrqx-mjc4-vfh3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrqx-mjc4-vfh3
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.5.3
purl pkg:composer/wallabag/wallabag@2.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g1k-7bhh-w3gd
1
vulnerability VCID-2y3q-gces-gbdx
2
vulnerability VCID-65q9-n4jm-k3cw
3
vulnerability VCID-epmp-j39p-puen
4
vulnerability VCID-jzng-319m-8feu
5
vulnerability VCID-tzbv-2x21-dybb
6
vulnerability VCID-w4ye-ytxq-4qaw
7
vulnerability VCID-yytf-h8rc-zuaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.3
aliases CVE-2023-0610, GHSA-mrqx-mjc4-vfh3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjcv-xawp-s3b3
7
url VCID-tzbv-2x21-dybb
vulnerability_id VCID-tzbv-2x21-dybb
summary wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0737
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23459
published_at 2026-06-11T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23655
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0737
1
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0737
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0737
3
reference_url https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc
reference_id 268372dbbdd7ef87b84617fdebf95d0a86caf7dc
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T22:30:02Z/
url https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc
4
reference_url https://huntr.com/bounties/4ba20fe7-4061-4dfb-ab2f-ecaf110641a5
reference_id 4ba20fe7-4061-4dfb-ab2f-ecaf110641a5
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T22:30:02Z/
url https://huntr.com/bounties/4ba20fe7-4061-4dfb-ab2f-ecaf110641a5
5
reference_url https://github.com/advisories/GHSA-99w8-c5f6-96pp
reference_id GHSA-99w8-c5f6-96pp
reference_type
scores
url https://github.com/advisories/GHSA-99w8-c5f6-96pp
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.5.4
purl pkg:composer/wallabag/wallabag@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g1k-7bhh-w3gd
1
vulnerability VCID-2y3q-gces-gbdx
2
vulnerability VCID-jzng-319m-8feu
3
vulnerability VCID-mwh5-ud4b-83fk
4
vulnerability VCID-w4ye-ytxq-4qaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.4
aliases CVE-2023-0737, GHSA-99w8-c5f6-96pp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzbv-2x21-dybb
8
url VCID-w4ye-ytxq-4qaw
vulnerability_id VCID-w4ye-ytxq-4qaw
summary Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4454
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34313
published_at 2026-06-11T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34491
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4454
1
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
2
reference_url https://github.com/wallabag/wallabag/security/advisories/GHSA-p8gp-899c-jvq9
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag/security/advisories/GHSA-p8gp-899c-jvq9
3
reference_url https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299/
reference_id
reference_type
scores
url https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299/
4
reference_url https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299
reference_id 4ee0ef74-e4d4-46e7-a05c-076bce522299
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:04:16Z/
url https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299
5
reference_url https://github.com/wallabag/wallabag/commit/78b0b55c40511e1f22d5bbb4897aa10fca68441c
reference_id 78b0b55c40511e1f22d5bbb4897aa10fca68441c
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:04:16Z/
url https://github.com/wallabag/wallabag/commit/78b0b55c40511e1f22d5bbb4897aa10fca68441c
6
reference_url https://github.com/advisories/GHSA-p8gp-899c-jvq9
reference_id GHSA-p8gp-899c-jvq9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p8gp-899c-jvq9
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.6.3
purl pkg:composer/wallabag/wallabag@2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2y3q-gces-gbdx
1
vulnerability VCID-jzng-319m-8feu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.6.3
aliases CVE-2023-4454, GHSA-p8gp-899c-jvq9, GMS-2023-1941
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4ye-ytxq-4qaw
9
url VCID-yytf-h8rc-zuaf
vulnerability_id VCID-yytf-h8rc-zuaf
summary Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0735
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.35799
published_at 2026-06-11T12:55:00Z
1
value 0.00153
scoring_system epss
scoring_elements 0.3598
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0735
1
reference_url https://github.com/wallabag/wallabag
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wallabag/wallabag
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0735
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0735
3
reference_url https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc
reference_id 268372dbbdd7ef87b84617fdebf95d0a86caf7dc
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:33:59Z/
url https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc
4
reference_url https://huntr.dev/bounties/8bc78cb1-b10b-4152-842e-ceb999fc5508
reference_id 8bc78cb1-b10b-4152-842e-ceb999fc5508
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:33:59Z/
url https://huntr.dev/bounties/8bc78cb1-b10b-4152-842e-ceb999fc5508
5
reference_url https://github.com/advisories/GHSA-2qxp-xmx6-cq4f
reference_id GHSA-2qxp-xmx6-cq4f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qxp-xmx6-cq4f
fixed_packages
0
url pkg:composer/wallabag/wallabag@2.5.4
purl pkg:composer/wallabag/wallabag@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g1k-7bhh-w3gd
1
vulnerability VCID-2y3q-gces-gbdx
2
vulnerability VCID-jzng-319m-8feu
3
vulnerability VCID-mwh5-ud4b-83fk
4
vulnerability VCID-w4ye-ytxq-4qaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.4
aliases CVE-2023-0735, GHSA-2qxp-xmx6-cq4f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yytf-h8rc-zuaf
Fixing_vulnerabilities
Risk_score 3.3
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.3.7