7 matches found
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
@bagisto-native/core (=1.0.2), @bagisto-native/react (>=1.0.0 <=1.0.1) potentially affected by CVE-2025-66803 via @hotwired/turbo (=8.0.17)
@hotwired/turbo NPM version =8.0.17 is affected by a known vulnerability. The following packages have a transitive dependency on @hotwired/turbo and may be impacted: - @bagisto-native/core =1.0.2 - @bagisto-native/react =1.0.0, =1.0.1 Source cves: CVE-2025-66803 Source advisory:...
Insufficient Session Expiration
Overview @hotwired/turbo is a The speed of a single-page web application without having to write any JavaScript Affected versions of this package are vulnerable to Insufficient Session Expiration due to a race condition. An attacker can cause stale session cookies to be restored by delaying HTTP...
CVE-2025-66803
CVE-2025-66803 describes a race condition in the turbo-frame element handler of Hotwired Turbo (pre-8.0.x). The issue can cause logout operations to fail when delayed frame responses reapply session cookies, enabling exploitation by delaying HTTP responses (network delays) or naturally on shared ...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...
Hypermedia and Browser Enhancement
Front end development these days is dominated by large JavaScript client side frameworks. There are plenty of good reasons for that, but it can be very inefficient for many use cases, and the framework engineering has become extremely complex. In this article, I want to explore a different...