CRITICAL🇵🇱 Wersja polska

CVE-2021-47157

CVSS 9.8v3.1pub. 2024-03-18upd. 2026-04-15

The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-346 (Origin Validation Error) involves the Kossy module not properly verifying the X-Requested-With header in HTTP requests. The lack of this verification enables an attacker to perform a JSON hijacking attack, in which a malicious website can intercept JSON responses returned by an application built on the Kossy module. The attack requires no authentication or user interaction (according to CVSS vector: PR:N, UI:N).

Impact

An attacker can gain unauthorized access to sensitive data returned in JSON responses (confidentiality breach), and depending on the application architecture, may also affect the integrity and availability of the system.

Mitigation & patch

The Kossy module should be updated to version 0.60 or later. Detailed information is available in the project changelog on metacpan.org and in pull request #16 in the Kossy project GitHub repository.

Who is affected

Kossy module for Perl in versions prior to 0.60.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References