High severity · NVD Advisory · Published Nov 16, 2023 · Updated Aug 2, 2024
Cross-Site Request Forgery (CSRF) in prefecthq/prefect
CVE-2023-6022
Description
Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| prefect (PyPI) | >= 2.0.0, < 2.16.5 | 2.16.5 |
Affected products
osv-coords, 8 versions:
- pkg:apk/chainguard/prefect (no CPE), range: < 3.6.9-r0
- pkg:apk/chainguard/prefect-oci-entrypoint (no CPE), range: < 3.6.9-r0
- pkg:apk/chainguard/prefect-oci-entrypoint-compat (no CPE), range: < 3.6.9-r0
- pkg:apk/chainguard/py3.11-prefect (no CPE), range: < 3.6.9-r0
- pkg:apk/chainguard/py3.12-prefect (no CPE), range: < 3.6.9-r0
- pkg:apk/chainguard/py3.13-prefect (no CPE), range: < 3.6.9-r0
- pkg:apk/chainguard/py3.14-prefect (no CPE), range: < 3.6.9-r0
- pkg:pypi/prefect (no CPE), range: >= 2.0.0, < 2.16.5
References
- github.com/advisories/GHSA-4hh5-2678-83fx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-6022 (ghsa, ADVISORY)
- github.com/PrefectHQ/prefect/blob/main/RELEASE-NOTES.md (ghsa, WEB)
- github.com/prefecthq/prefect/commit/227dfcc7e3374c212a4bcd68b14e090b1c02d9d3 (ghsa, WEB)
- huntr.com/bounties/dab47d99-551c-4355-9ab1-c99cb90235af (ghsa, WEB)