31 matches found
EUVD-2021-1177
Malware in sbrugna...
EUVD-2021-0487
Malware in sbrugna...
CVE-2021-29624
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...
Cross-site Request Forgery (CSRF)
@fastify/csrf-protection is vulnerable to Cross-site Request Forgery (CSRF). An attacker is able to bypass the CSRF protection mechanism by fixing a csrf cookie in the victim's browser and forging valid CSRF tokens that are valid for the victim's session...
Cross site request forgery (csrf)
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
@flowforge/flowforge (>=0.9.0 <=0.10.0), schwing (>=0.2.14 <=0.2.26) potentially affected by CVE-2021-29624 +1 more via @fastify/csrf-protection (=5.1.0)
@fastify/csrf-protection NPM version =5.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fastify/csrf-protection and may be impacted: - @flowforge/flowforge =0.9.0, =0.2.14, =0.2.26 Source cves: CVE-2021-29624, CVE-2023-27495 Source advisory:...
CVE-2022-41919
A Cross-site request forgery (CSRF) vulnerability was found in fastify due to improper handling of incorrect Content-Types. This flaw allows an attacker to use an incorrect 'Content-Type' to bypass checks to allow fetch requests that could be used to invoke routes that only accept application/json...
Cross site request forgery (csrf)
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...
CVE-2022-41919 Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type
Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...
Cross site request forgery (csrf)
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...
CVE-2021-29624 Lack of protection against cookie tossing attacks in fastify-csrf
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service...
CVE-2021-29624
CVE-2021-29624 concerns fastify-csrf. Older releases (pre-3.1.0) use a double-submitted cookie CSRF mechanism across subdomains, which is addressed in 3.1.0. The vulnerability involves the optional userInfo parameter that binds the CSRF token to the user; if userInfo is missing or predictable, ne...
Cross-site Request Forgery (CSRF)
fastify-csrf is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability exists when fastify-csrf is used with the "double submit" mechanism using cookies with an application deployed across multiple subdomains...
Fastify Cross-Site Request Forgery Vulnerability
Fastify is an open source web framework for Node.js from the OpenJS Foundation. Node.js fastify suffers from a security vulnerability that allows an attacker to trigger cross-site request forgery via Cookie Double Submit in Node.js fastify-csrf in order to force the victim to perform an...
cookie tossing attack
Overview Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Recommendation Upgrade to version 3.1.0 or later References - CVE - GitHub Advisory...
GHSA-RC4Q-9M69-GQP8 Lack of protection against cookie tossing attacks in fastify-csrf
Impact Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Patches Version 3.1.0 of the fastify-csrf fixes it. See https://github.com/fastify/fastify-csrf/pull/51 and...
@nodosjs/view-extension (=0.0.43) potentially affected by CVE-2021-29624 via fastify-csrf (=2.0.0)
fastify-csrf NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastify-csrf and may be impacted: - @nodosjs/view-extension =0.0.43 Source cves: CVE-2021-29624 Source advisory: OSV:GHSA-RC4Q-9M69-GQP8...