{"id":"CVE-2020-36247","details":"Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.","modified":"2026-04-12T00:00:43.892120Z","published":"2021-02-19T06:15:12.620Z","references":[{"type":"ADVISORY","url":"https://listsprd.osu.edu/pipermail/ood-users/2020-April/000397.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/osc/ondemand","events":[{"introduced":"0"},{"fixed":"97c2cb286dc53a546e57f23cbf6d18bec74163c6"},{"introduced":"281a996f67547b1d64bd95cb107749a9c27f1101"},{"fixed":"1244046cc54c5eb479064e0f35758b21d68724e2"}],"database_specific":{"cpe":"cpe:2.3:a:osc:open_ondemand:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.5.7"},{"introduced":"1.6.0"},{"fixed":"1.6.22"}],"source":"CPE_FIELD"}}],"versions":["v1.2.1","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.4.0","v1.4.1","v1.4.10","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.5.6","v1.6","v1.6.0","v1.6.1","v1.6.10","v1.6.11","v1.6.12","v1.6.12_citest","v1.6.13","v1.6.14","v1.6.15","v1.6.16","v1.6.17","v1.6.17-2","v1.6.18","v1.6.18_rc1","v1.6.19","v1.6.2","v1.6.20","v1.6.21","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.8_cr3","v1.6.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36247.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}