18 matches found
CVE-2026-43180
A flaw was found in the Linux kernel's kaweth USB network driver. The kaweth_set_rx_mode function incorrectly manipulates the transmit (TX) queue, allowing it to be re-enabled while a USB Request Block (URB) is still active. This can result in the same URB being submitted twice, leading to a kernel...
GHSA-94W9-97P3-P368 CSRF Token Reuse Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...
CSRF Token Reuse Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...
Cross Site Request Forgery (CSRF)
Csurf is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability exists because of using insecure encryption, failing to check cookie signatures by default and incorrect implementation of the double-submit cookie implementation. An attacker can leverage these vulnerabilities to generate...
CVE-2021-29624
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...
Cross site request forgery (csrf)
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...
CVE-2021-29624 Lack of protection against cookie tossing attacks in fastify-csrf
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...
Fastify Cross-Site Request Forgery Vulnerability
Fastify is an open source web framework for Node.js from the OpenJS Foundation. Node.js fastify suffers from a security vulnerability that allows an attacker to trigger cross-site request forgery via Cookie Double Submit in Node.js fastify-csrf in order to force the victim to perform an...
cookie tossing attack
Overview: Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Recommendation: Upgrade to version 3.1.0 or later. References: - CVE - GitHub Advisory...
GHSA-RC4Q-9M69-GQP8 Lack of protection against cookie tossing attacks in fastify-csrf
Impact: Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Patches: Version 3.1.0 of fastify-csrf fixes it. See https://github.com/fastify/fastify-csrf/pull/51 and...
Lack of protection against cookie tossing attacks in fastify-csrf
Impact: Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Patches: Version 3.1.0 of fastify-csrf fixes it. See https://github.com/fastify/fastify-csrf/pull/51 and...
PT-2021-18374 · Unknown · Fastify-Csrf
Name of the Vulnerable Software and Affected Versions: fastify-csrf versions prior to 3.1.0 Description: The issue affects applications using the fastify-csrf plugin with the "double submit" mechanism, particularly those deployed across multiple subdomains. To fully implement protection, users of...
GHSA-WHRH-9J4Q-G7PH CSRF Vulnerability in polaris-website
Impact: CSRF vulnerability. In some very specific circumstances, an attacker would be able to update your settings. Basically you would need to navigate to hackersite.com while logged into our panel. Then they could modify your settings. They couldn't check if it worked, nor could they read your...
CSRF Vulnerability in polaris-website
Impact: CSRF vulnerability. In some very specific circumstances, an attacker would be able to update your settings. Basically you would need to navigate to hackersite.com while logged into our panel. Then they could modify your settings. They couldn't check if it worked, nor could they read your...
CVE-2020-15135
save-server npm package before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
CVE-2020-15135
save-server npm package before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
Cross site request forgery (csrf)
save-server npm package before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
CVE-2020-15135
The CVE-2020-15135 entry concerns the save-server npm package, where versions before 1.05 are vulnerable to CSRF due to no CSRF mitigation. The issue enables an attacker, via a malicious site, to perform actions like uploading/deleting files, adding redirects, and potentially managing users if the...