2 matches found
GHSA-84G9-W2XQ-VCV6 React Router: Potential CSRF via PUT/PATCH/DELETE document requests
Certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight, SameSite cookies already block the cross-origin attack vectors...
PT-2025-30485
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 141 Thunderbird versions prior to 140.1 Description Thunderbird cached Cross-Origin Resource Sharing CORS preflight responses across IP address changes, which allowed bypassing CORS protections with DNS rebinding...