Lucene search

CVE-2020-28482

🗓️ 19 Jan 2021 15:12:15Reported by snykType

CVE-2020-28482 affects fastify-csrf before 3.0.0, with insecure cookie defaults and exposed CSRF token in GET parameter

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
OSV	CVE-2020-28482	19 Jan 202115:15	–	osv
OSV	Cross-site Request Forgery in fastify-csrf	20 Jan 202121:30	–	osv
Github Security Blog	Cross-site Request Forgery in fastify-csrf	20 Jan 202121:30	–	github
Cvelist	CVE-2020-28482 Cross-site Request Forgery (CSRF)	19 Jan 202114:50	–	cvelist
Node.js	Cross-Site Request Forgery (CSRF)	22 Feb 202117:29	–	nodejs
Prion	Cross site request forgery (csrf)	19 Jan 202115:15	–	prion
Veracode	Cross-site Request Forgery (CSRF)	20 Jan 202104:06	–	veracode
NVD	CVE-2020-28482	19 Jan 202115:15	–	nvd

Nvd

Node

fastify fastify-csrfRange<3.0.0node.js

[
  {
    "product": "fastify-csrf",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "3.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
snyk	www.snyk.io/vuln/SNYK-JS-FASTIFYCSRF-1062044
github	www.github.com/fastify/fastify-csrf/pull/26

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Jan 2021 15:15Current

7.1High risk

Vulners AI Score7.1

CVSS26.8

CVSS35.9 - 8.8

EPSS0.00307