CVE-2023-27495
The CVE-2023-27495 entry concerns the @fastify/csrf-protection plugin for Fastify. A CSRF protection bypass can occur when the optional userInfo parameter is missing or its value is predictable, allowing network and same-site attackers to fixate the _csrf cookie and forge valid tokens for a user’...