Description
Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.
Recommendation
Update the openmct package to the latest compatible version. Followings are version details:
- Affected version(s): <= 3.1.0
- Patched version(s): 3.1.1
References
Related Issues
- XSS in the `of` option of the `.position()` util in jquery-ui - CVE-2021-41184
- NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies - CVE-2025-48947
- Strapi allows Server-Side Request Forgery in Webhook function - CVE-2024-52588
- Redoc Prototype Pollution via `Module.mergeObjects` Component - CVE-2024-57083
- Tags:
- npm
- openmct
Anything's wrong? Let us know Last updated on November 22, 2023