Lucene search
PRIOn knowledge basePRION:CVE-2022-39287HistoryOct 07, 2022 - 8:15 p.m.
Cross site request forgery (csrf)
2022-10-0720:15:00
PRIOn knowledge base
www.prio-n.com
3
cross site request forgery
node.js
csrf protection
middleware
encryption
clear transmission
security patch
upgrade
nvd
0.001 Low
EPSS
Percentile
48.8%
tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit 8eead6d and the patch with be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
Related
nvd
nvd
CVE-2022-39287
2022-10-07 20:15:15
cve
cve
CVE-2022-39287
2022-10-07 20:15:15
github
github
tiny-csrf has openly visible CSRF tokens
2022-10-07 21:23:18
osv
osv
tiny-csrf has openly visible CSRF tokens
2022-10-07 21:23:18
CVE-2022-39287
2022-10-07 20:15:15
cvelist
cvelist
CVE-2022-39287 Plaintext transmission of CSRF tokens in tiny-csrf
2022-10-07 00:00:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-10-11 14:13:42