RedwoodSDK 跨站请求伪造漏洞

RedwoodSDK is an open-source React-based server-first web application framework developed by RedwoodJS. Versions of RedwoodSDK from 1.0.0-beta.50 to 1.2.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the use of HTTP methods on the server without source...

@flightpkg/create-redwood-app (=1.0.0), @layer0/redwood (>=4.7.1-next-1639602777-e3c518e56.0 <=4.7.1-next-1639605987-6c7a0e965.0) +10 more potentially affected by unknown CVE via @redwoodjs/api (>=0.38.0 <=2.2.4)

@redwoodjs/api NPM version =0.38.0, =4.7.1-next-1639602777-e3c518e56.0, =0.38.0, =0.38.0, =0.39.0, =0.38.0, =0.38.0, =0.38.0, =0.38.0, =0.0.1, =0.38.0, =0.38.0, =2.2.4 Source cves: unknown CVE Source advisory: OSV:GHSA-3QMC-2R76-4RQP...

@redwoodjs/auth-dbauth-setup (=0.0.2), @redwoodjs/auth-providers-setup (=0.0.1) +12 more potentially affected by unknown CVE via @redwoodjs/api (>=3.0.0 <=3.3.0)

@redwoodjs/api NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.3.0 Source cves: unknown CVE Source advisory: OSV:GHSA-3QMC-2R76-4RQP...