4 matches found
EUVD-2021-1177
Malware in sbrugna...
Cross-site Request Forgery (CSRF)
@fastify/csrf-protection is vulnerable to Cross-site Request Forgery CSRF. An attackers is able to bypass the CSRF protection mechanism by fixing a csrf cookie in the victim's browser and forging valid CSRF tokens that are valid for the victim's session...
Cross site request forgery (csrf)
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF Cross-Site Request Forger protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
@flowforge/flowforge (>=0.9.0 <=0.10.0), schwing (>=0.2.14 <=0.2.26) potentially affected by CVE-2021-29624 +1 more via @fastify/csrf-protection (=5.1.0)
@fastify/csrf-protection NPM version =5.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fastify/csrf-protection and may be impacted: - @flowforge/flowforge =0.9.0, =0.2.14, =0.2.26 Source cves: CVE-2021-29624, CVE-2023-27495 Source advisory:...