OSV:GHSA-PJ2C-H76W-VV6F
History: Oct 07, 2022 - 9:23 p.m.

tiny-csrf has openly visible CSRF tokens

Published: 2022-10-07 21:23:18
Source: Google, osv.dev

Tags: csrf tokens, weak encryption, malicious attackers, patched, upgrade, owasp, github repository

8.1 High

CVSS3
Attack Vector:          NETWORK
Attack Complexity:      LOW
Privileges Required:    NONE
User Interaction:       REQUIRED
Scope:                  UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact:       HIGH
Availability Impact:    NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS: 0.001 Low (Percentile: 48.8%)

Impact

Weak encryption of the CSRF tokens means that the tokens can be read by malicious attackers.

Patches

The problem has been patched as of v1.1.0.

Workarounds

Upgrade to v1.1.0.

References

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html

For more information

Submit an issue at the GitHub repository.

Affected packages
CPE Name     Operator   Version
tiny-csrf    lt         1.1.0
