641 matches found
Cross site request forgery (csrf)
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
Session fixation
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using @fastify/passport in affected versions for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation...
GHSA-4M3M-PPVX-XGW9 Session fixation in fastify-passport
Applications using @fastify/passport for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. Details: fastify applications rely on the @fastify/passport library fo...
Session fixation in fastify-passport
Applications using @fastify/passport for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. Details: fastify applications rely on the @fastify/passport library fo...
GHSA-2CCF-FFRJ-M4QW CSRF token fixation in fastify-passport
The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers. Details: fastify/csrf-protection implements the synchronizer token pattern using plugins @fastify/session and @fastify/secure-session by...
CSRF token fixation in fastify-passport
The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers. Details: fastify/csrf-protection implements the synchronizer token pattern using plugins @fastify/session and @fastify/secure-session by...
CVE-2023-29020 Cross site request forgery token fixation in fastify-passport
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
CVE-2023-29020
CVE-2023-29020 describes a CSRF token fixation flaw in the interaction between @fastify/passport and @fastify/csrf-protection. The issue arises because @fastify/passport does not clear the user session on login, allowing the _csrf token generated before authentication to remain valid across unaut...
CVE-2023-29019 Session fixation in fastify-passport
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using @fastify/passport in affected versions for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation...
CVE-2023-29019
The CVE-2023-29019 issue affects the @fastify/passport package used with @fastify/session. The login flow preserves the sessionId between pre-login and authenticated sessions due to the authenticate function, enabling session fixation by network or same-site attackers who can supply a valid sessi...
PT-2023-22091 · Unknown · @Fastify/Passport +1
Name of the Vulnerable Software and Affected Versions: @fastify/passport versions prior to the version that regenerates sessionId upon login
Description: Applications using @fastify/passport for user authentication, in combination with @fastify/session as the underlying session management...
CVE-2023-27495
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed by network and same-site attackers under certain conditions...
@flowforge/flowforge (>=0.9.0 <=0.10.0), schwing (>=0.2.14 <=0.2.26) potentially affected by CVE-2021-29624 +1 more via @fastify/csrf-protection (=5.1.0)
@fastify/csrf-protection NPM version =5.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fastify/csrf-protection and may be impacted: - @flowforge/flowforge =0.9.0, =0.2.14, =0.2.26 Source cves: CVE-2021-29624, CVE-2023-27495 Source advisory:...
Bypass of CSRF protection in the presence of predictable userInfo
Description: The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed by network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the use...
Cross site request forgery (csrf)
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed by network and same-site attackers under certain conditions...