Lemmony
Monthly
A Cross-Site Request Forgery (CSRF) vulnerability exists in shufflehound's Lemmony application versions prior to 1.7.1, allowing unauthenticated attackers to perform unauthorized actions on behalf of legitimate users through crafted web requests. An attacker can exploit this vulnerability to cause integrity and availability impact by forcing a victim's browser to make unwanted requests to the Lemmony application. The attack requires user interaction (clicking a malicious link) but has a low attack complexity and network accessibility, making it a practical threat in multi-user web environments.
A Cross-Site Request Forgery (CSRF) vulnerability exists in shufflehound's Lemmony application versions prior to 1.7.1, allowing unauthenticated attackers to perform unauthorized actions on behalf of legitimate users through crafted web requests. An attacker can exploit this vulnerability to cause integrity and availability impact by forcing a victim's browser to make unwanted requests to the Lemmony application. The attack requires user interaction (clicking a malicious link) but has a low attack complexity and network accessibility, making it a practical threat in multi-user web environments.