Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2023/04/07 7:23 p.m.6 views

@brewer/beerui (>=1.1.9 <=1.1.17), @evidence-dev/components (>=0.0.0-0d3aa317 <=2.5.1) +15 more potentially affected by CVE-2023-29008 via @sveltejs/kit (>=1.0.0-next.100 <=1.13.0)

@sveltejs/kit NPM version =1.0.0-next.100, =1.1.9, =0.0.0-0d3aa317, =1.0.19, =1.0.0-next.8, =1.0.0-next.13, =0.0.20, =0.15.0-next.1, =0.19.0, =0.17.0, =0.6.0, =0.7.8 - svelte-image-preprocessor-cloudinary =0.0.4-beta.1 and more Source cves: CVE-2023-29008 Source advisory: OSV:GHSA-GV7G-X59X-WF8F...

8.8CVSS7.2AI score0.00373EPSS
Exploits1
Circl
Circl
added 2023/04/06 8:27 p.m.6 views

CVE-2023-29008

creationtimestamp| type| source ---|---|--- 2023-04-06 20:27:10+00:00| seen| https://t.me/cibsecurity/61571...

8.8CVSS8.1AI score0.00373EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/06 4:36 p.m.13 views

CVE-2023-29008 SvelteKit framework has Insufficient CSRF protection for CORS requests

The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

8.8CVSS9AI score0.00373EPSS
Exploits1References2
CVE
CVE
added 2023/04/06 4:36 p.m.90 views

CVE-2023-29008

CVE-2023-29008 (SvelteKit CSRF issue) is described across multiple sources as a CSRF protection bypass in versions prior to 1.15.2. The vulnerability arises because the internal CSRF check (respond.js) relies on a Content-Type comparison that can be bypassed when an upper-cased Content-Type heade...

8.8CVSS8.9AI score0.00373EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder