Lucene search
Veracode Vulnerability DatabaseVERACODE:40135HistoryApr 17, 2023 - 1:11 p.m.
Cross-Site Request Forgery
2023-04-1713:11:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
cross-site request forgery
csrf
vulnerability
unauthorized access
sveltejs/kit
software
0.001 Low
EPSS
Percentile
39.8%
@sveltejs/kit is vulnerable to Cross-Site Request Forgery (CSRF). Malicious requests can be submitted from third-party domains, which allows an attacker to execute operations within the victim’s session via bypassing CSRF protection by specifying a Content-Type header value such as text/plain, possibly leading to unauthorized access to user accounts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @sveltejs/kit | le | 1.15.0 | |
| @sveltejs/kit | le | 1.15.0 |
Related
prion
prion
Cross site request forgery (csrf)
2023-04-04 22:15:00
cvelist
cvelist
osv
osv
CVE-2023-29003
2023-04-04 22:15:08
SvelteKit vulnerable to Cross-Site Request Forgery
2023-04-04 21:20:47
github
github
SvelteKit vulnerable to Cross-Site Request Forgery
2023-04-04 21:20:47
cve
cve
CVE-2023-29003
2023-04-04 22:15:08
nvd
nvd
CVE-2023-29003
2023-04-04 22:15:08