CVE-2024-39163 Information

Description

binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints.

Reference

https://github.com/binux/pyspider/blob/master/pyspider/webui/debug.py#L39 https://www.sonarsource.com/blog/basic-http-authentication-risk-uncovering-pyspider-vulnerabilities/