HermanMartinus / bearblog

Free, no-nonsense, super fast blogging.
MIT License

Possible CSRF vulnerability #283

Closed scalzava closed 1 month ago

scalzava commented 1 month ago

To whom it may concern.

Our security team is working on the automated detection of session vulnerabilities in open-source web applications, including CSRF. Our analyzer identified that the upvote function of blogs/views/blog.py has been declared as CSRF-exempt. After manual analysis, we believe that this practice might leave your application vulnerable to security-relevant CSRF attempts.

Can you take a look at the relevant code parts and comment on the issue?
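For readers unfamiliar with what a CSRF exemption on a state-changing view actually changes, here is an added, self-contained Python example. It is not bearblog's code and does not reproduce its upvote handler; it models a Django-style CSRF check (Origin comparison plus cookie/form token match) with an in-memory upvote counter, then dispatches a forged cross-site POST to an exempt and a protected copy of the same handler. The site origin, paths, post id and token values are all hypothetical and constructed inline.

```python
"""Added example (not bearblog's code): effect of marking a state-changing
view CSRF-exempt, using a minimal Django-style CSRF check.  Every name,
origin and value below is hypothetical."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

SITE_ORIGIN = "https://blog.example"            # hypothetical site origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass
class Request:
    """Just enough of an HTTP request for the check below."""
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def csrf_check(request: Request) -> Optional[str]:
    """Return None when the request passes, else the rejection reason.

    Modelled loosely on Django's CsrfViewMiddleware: unsafe methods must
    carry an Origin matching the site (when the browser sends one) and a
    form field or header token equal to the token in the csrftoken cookie.
    """
    if request.method in SAFE_METHODS:
        return None
    origin = request.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "origin mismatch"
    cookie_token = request.cookies.get("csrftoken")
    submitted = request.form.get("csrfmiddlewaretoken") or request.headers.get("X-CSRFToken")
    if not cookie_token or not submitted:
        return "missing token"
    if not hmac.compare_digest(cookie_token, submitted):
        return "token mismatch"
    return None


UPVOTES: Dict[str, int] = {}   # hypothetical in-memory upvote counter


def upvote(request: Request) -> Tuple[int, str]:
    """The state-changing handler; it performs no CSRF checking itself."""
    post_id = request.form.get("post", "")
    UPVOTES[post_id] = UPVOTES.get(post_id, 0) + 1
    return 200, f"upvoted {post_id}"


def csrf_exempt(view: Callable[[Request], Tuple[int, str]]):
    """Marker decorator in the spirit of django.views.decorators.csrf.csrf_exempt."""
    def wrapped(request: Request) -> Tuple[int, str]:
        return view(request)
    wrapped.csrf_exempt = True
    return wrapped


def dispatch(view: Callable[[Request], Tuple[int, str]], request: Request) -> Tuple[int, str]:
    """Apply the CSRF check unless the view opted out, then call it."""
    if not getattr(view, "csrf_exempt", False):
        reason = csrf_check(request)
        if reason is not None:
            return 403, f"CSRF failed: {reason}"
    return view(request)


upvote_protected = upvote
upvote_exempt = csrf_exempt(upvote)


def simulate_forged_post(view, cookies_sent: bool = True) -> Tuple[int, str]:
    """A cross-site form POST from attacker.example.  The browser attaches the
    victim's cookies (subject to SameSite), but the attacker cannot read or
    set the csrfmiddlewaretoken field, so it is absent."""
    forged = Request(
        method="POST", path="/upvote/",
        headers={"Origin": "https://attacker.example"},
        cookies={"sessionid": "victim-session", "csrftoken": "victim-token"} if cookies_sent else {},
        form={"post": "hello-world"},
    )
    return dispatch(view, forged)


def simulate_legit_post(view) -> Tuple[int, str]:
    """A same-site POST whose form token matches the cookie token."""
    token = secrets.token_urlsafe(32)
    legit = Request(
        method="POST", path="/upvote/",
        headers={"Origin": SITE_ORIGIN},
        cookies={"sessionid": "victim-session", "csrftoken": token},
        form={"post": "hello-world", "csrfmiddlewaretoken": token},
    )
    return dispatch(view, legit)


if __name__ == "__main__":
    print("exempt view, forged POST:   ", simulate_forged_post(upvote_exempt))
    print("protected view, forged POST:", simulate_forged_post(upvote_protected))
    print("protected view, legit POST: ", simulate_legit_post(upvote_protected))
    print("upvote counts:", UPVOTES)
```

Two caveats a reviewer would weigh before calling an exemption a vulnerability: whether the forged request carries the victim's cookies at all depends on the cookie's SameSite attribute and the browser, and whether that matters depends on whether the handler does anything with those ambient credentials. An exempt endpoint that treats every caller as anonymous and rate-limits by other means has a different risk profile from one that acts on the session, which is exactly the kind of judgement the maintainer's reply below makes for this project.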

HermanMartinus commented 1 month ago

This is by design. Please don’t run any more automated detection sessions on my repos.