4 matches found
@brewer/beerui (>=1.1.9 <=1.1.17), @evidence-dev/components (>=0.0.0-0d3aa317 <=2.5.1) +15 more potentially affected by CVE-2023-29008 via @sveltejs/kit (>=1.0.0-next.100 <=1.13.0)
@sveltejs/kit NPM version =1.0.0-next.100, =1.1.9, =0.0.0-0d3aa317, =1.0.19, =1.0.0-next.8, =1.0.0-next.13, =0.0.20, =0.15.0-next.1, =0.19.0, =0.17.0, =0.6.0, =0.7.8 - svelte-image-preprocessor-cloudinary =0.0.4-beta.1 and more Source cves: CVE-2023-29008 Source advisory: OSV:GHSA-GV7G-X59X-WF8F...
CVE-2023-29008
creationtimestamp| type| source ---|---|--- 2023-04-06 20:27:10+00:00| seen| https://t.me/cibsecurity/61571...
CVE-2023-29008 SvelteKit framework has Insufficient CSRF protection for CORS requests
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
CVE-2023-29008
CVE-2023-29008 (SvelteKit CSRF issue) is described across multiple sources as a CSRF protection bypass in versions prior to 1.15.2. The vulnerability arises because the internal CSRF check (respond.js) relies on a Content-Type comparison that can be bypassed when an upper-cased Content-Type heade...