RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests

Summary Server functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because browsers send SameSite=Lax cookies on...

Cross-site Request Forgery (CSRF)

Overview rwsdk is a Build fast, server-driven webapps on Cloudflare with SSR, RSC, and realtime Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the server function dispatch process. An attacker can cause unauthorized state-changing operations by tricking a...