Medium severity6.3OSV Advisory· Published Nov 27, 2020· Updated Jun 17, 2026
CVE-2020-7780
CVE-2020-7780
Description
This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.softwaremill.akka-http-session:core_2.13Maven | < 0.5.11 | 0.5.11 |
com.softwaremill.akka-http-session:core_2.12Maven | < 0.5.11 | 0.5.11 |
com.softwaremill.akka-http-session:core_2.11Maven | < 0.5.11 | 0.5.11 |
Affected products
4- Range: release-0.1, release-0.1.2, release-0.1.3, …
- ghsa-coords3 versionspkg:maven/com.softwaremill.akka-http-session/core_2.11pkg:maven/com.softwaremill.akka-http-session/core_2.12pkg:maven/com.softwaremill.akka-http-session/core_2.13
< 0.5.11+ 2 more
- (no CPE)range: < 0.5.11
- (no CPE)range: < 0.5.11
- (no CPE)range: < 0.5.11
Patches
Vulnerability mechanics
References
8- github.com/softwaremill/akka-http-session/commit/57f11663eecb84be03383d164f655b9c5f953b41nvdPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1045352nvdPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046654nvdPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046655nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-q42q-523g-3fwvghsaADVISORY
- github.com/softwaremill/akka-http-session/issues/74nvdThird Party AdvisoryWEB
- github.com/softwaremill/akka-http-session/issues/77nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-7780ghsaADVISORY
News mentions
0No linked articles in our index yet.