Lucene search
K

6 matches found

Node.js
Node.js
added 2021/02/22 5:29 p.m.70 views

Cross-Site Request Forgery (CSRF)

Overview Affected versions of the fastify-csrf package are vulnerable to Cross-site Request Forgery CSRF. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: path: '/', sameSite: true . Also, the CSRF token was available in the GET query parameter...

6.8CVSS2.3AI score0.0098EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2021/01/20 9:30 p.m.8 views

@nodosjs/view-extension (=0.0.43) potentially affected by CVE-2020-28482 via fastify-csrf (=2.0.0)

fastify-csrf NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastify-csrf and may be impacted: - @nodosjs/view-extension =0.0.43 Source cves: CVE-2020-28482 Source advisory: OSV:GHSA-49WP-QQ6X-G2RF...

8.8CVSS7.2AI score0.0098EPSS
Exploits0
Circl
Circl
added 2021/01/19 6:56 p.m.6 views

CVE-2020-28482

creationtimestamp| type| source ---|---|--- 2021-01-19 18:56:04+00:00| seen| https://t.me/cibsecurity/22267...

8.8CVSS8.1AI score0.0098EPSS
Exploits0References1
OSV
OSV
added 2021/01/19 3:15 p.m.18 views

CVE-2020-28482

This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: path: '/', sameSite: true 2. The CSRF token was available in the GET query parameter...

8.8CVSS6.8AI score
Exploits0References2
Cvelist
Cvelist
added 2021/01/19 2:50 p.m.27 views

CVE-2020-28482 Cross-site Request Forgery (CSRF)

This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: path: '/', sameSite: true 2. The CSRF token was available in the GET query parameter...

5.9CVSS8.8AI score0.0098EPSS
Exploits0References2
CVE
CVE
added 2021/01/19 2:50 p.m.58 views

CVE-2020-28482

CVE-2020-28482 affects the npm package fastify-csrf prior to 3.0.0. The issues: (1) the generated cookie uses insecure defaults and lacks the httpOnly flag (cookieOpts: { path: '/', sameSite: true }), and (2) the CSRF token is exposed in the GET query parameter. This weakens CSRF protections and ...

8.8CVSS7.1AI score0.0098EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder