3 matches found
CVE-2022-39287
tiny-csrf is a Node.js cross-site request forgery (CSRF) protection middleware. In versions prior to 1.1.0, cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit 8eead6d and the patch will be included in version 1.1.0. Users are advise...
Cross-Site Request Forgery (CSRF)
Astro is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of the Content-Type header in Astro's CSRF-protection middleware, which allows semicolon-delimited parameters to bypass CSRF checks...
CVE-2022-39287 Plaintext transmission of CSRF tokens in tiny-csrf
tiny-csrf is a Node.js cross-site request forgery (CSRF) protection middleware. In versions prior to 1.1.0, cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit 8eead6d and the patch will be included in version 1.1.0. Users are advise...