5 matches found
CVE-2023-27495
creationtimestamp| type| source ---|---|--- 2023-04-20 22:31:02+00:00| seen| https://t.me/cibsecurity/62548...
@flowforge/flowforge (>=0.9.0 <=0.10.0), schwing (>=0.2.14 <=0.2.26) potentially affected by CVE-2021-29624 +1 more via @fastify/csrf-protection (=5.1.0)
@fastify/csrf-protection NPM version =5.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fastify/csrf-protection and may be impacted: - @flowforge/flowforge =0.9.0, =0.2.14, =0.2.26 Source cves: CVE-2021-29624, CVE-2023-27495 Source advisory:...
CVE-2023-27495 Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...
CVE-2023-27495 Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...
CVE-2023-27495
The CVE-2023-27495 entry concerns the @fastify/csrf-protection plugin for Fastify. A CSRF protection bypass can occur when the optional userInfo parameter is missing or its value is predictable, allowing network and same-site attackers to fixate the _csrf cookie and forge valid tokens for a user’...