Cross-Site Request Forgery (CSRF)

2017-06-0902:01:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

30.8%

JSON

zendframework is vulnerable to cross-site request forgery (CSRF). The library does not correctly identify null or mal-formed token identifiers, causing them to be falsely identified as valid tokens. This can allow a malicious user to use this as a vector for cross-site request forgery (CSRF).