GHSA-M2M6-CFF5-3W7C RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions
Summary Server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the victim's session cookie attached. Impact An attacker who controls any origin the browser...