2 matches found
CVE-2024-56140 Bypass of CSRF Middleware in Astro
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...
CVE-2024-56140
CVE-2024-56140 affects the Astro CSRF-protection middleware. A semicolon-delimited parameter after the Content-Type (e.g., application/x-www-form-urlencoded; abc) causes the request to be treated as a simple request, bypassing preflight validation and CSRF checks when security.checkOrigin is true...