Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:39 p.m.8 views

CVE-2022-39287

tiny-csrf is a Node.js cross site request forgery CSRF protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit 8eead6d and the patch with be included in version 1.1.0. Users are advise...

8.1CVSS6.6AI score0.00392EPSS
Exploits0References1
Circl
Circl
added 2022/10/08 12:17 a.m.5 views

CVE-2022-39287

creationtimestamp| type| source ---|---|--- 2022-10-08 00:17:57+00:00| seen| https://t.me/cibsecurity/51045...

8.1CVSS7.1AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2022/10/07 12:0 a.m.58 views

CVE-2022-39287

CVE-2022-39287 affects tiny-csrf, a Node.js CSRF protection middleware. In versions prior to 1.1.0 cookies were not encrypted, causing CSRF tokens to be transmitted in the clear. The issue is addressed in commit 8eead6d, with the patch planned for inclusion in version 1.1.0. Users should upgrade ...

8.1CVSS7AI score0.00392EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/10/07 12:0 a.m.29 views

CVE-2022-39287 Plaintext transmission of CSRF tokens in tiny-csrf

tiny-csrf is a Node.js cross site request forgery CSRF protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit 8eead6d and the patch with be included in version 1.1.0. Users are advise...

8.1CVSS6.6AI score0.00392EPSS
Exploits0References4
Rows per page
Query Builder