Lucene search
+L

5 matches found

circl
circl
added 2023/04/20 10:31 p.m.8 views

CVE-2023-27495

creationtimestamp| type| source ---|---|--- 2023-04-20 22:31:02+00:00| seen| https://t.me/cibsecurity/62548...

6.5CVSS6.3AI score0.00331EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2023/04/20 9:18 p.m.7 views

@flowforge/flowforge (>=0.9.0 <=0.10.0), schwing (>=0.2.14 <=0.2.26) potentially affected by CVE-2021-29624 +1 more via @fastify/csrf-protection (=5.1.0)

@fastify/csrf-protection NPM version =5.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fastify/csrf-protection and may be impacted: - @flowforge/flowforge =0.9.0, =0.2.14, =0.2.26 Source cves: CVE-2021-29624, CVE-2023-27495 Source advisory:...

6.5CVSS6.5AI score0.00829EPSS
Exploits0
vulnrichment
vulnrichment
added 2023/04/20 5:5 p.m.5 views

CVE-2023-27495 Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References3
cvelist
cvelist
added 2023/04/20 5:5 p.m.44 views

CVE-2023-27495 Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...

5.3CVSS6.7AI score0.00331EPSS
Exploits0References3
cve
cve
added 2023/04/20 5:5 p.m.58 views

CVE-2023-27495

The CVE-2023-27495 entry concerns the @fastify/csrf-protection plugin for Fastify. A CSRF protection bypass can occur when the optional userInfo parameter is missing or its value is predictable, allowing network and same-site attackers to fixate the _csrf cookie and forge valid tokens for a user’...

6.5CVSS5.7AI score0.00331EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder