Lucene search
K

4 matches found

NVD
NVD
added 2021/05/19 10:15 p.m.31 views

CVE-2021-29624

fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...

6.5CVSS0.00829EPSS
Exploits0References6
Prion
Prion
added 2021/05/19 10:15 p.m.19 views

Cross site request forgery (csrf)

fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...

4.3CVSS6.4AI score0.00829EPSS
Exploits0References6Affected Software1
Node.js
Node.js
added 2021/05/17 8:54 p.m.67 views

cookie tossing attack

Overview Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Recommendation Upgrade to version 3.1.0 or later References - CVE - GitHub Advisory...

4.3CVSS2AI score0.00829EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/05/17 8:53 p.m.27 views

GHSA-RC4Q-9M69-GQP8 Lack of protection against cookie tossing attacks in fastify-csrf

Impact Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Patches Version 3.1.0 of the fastify-csrf fixes it. See https://github.com/fastify/fastify-csrf/pull/51 and...

6.5CVSS5.6AI score0.00829EPSS
Exploits0References7
Rows per page
Query Builder