Description

This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter

Remediation

References

https://github.com/fastify/fastify-csrf/pull/26

https://snyk.io/vuln/SNYK-JS-FASTIFYCSRF-1062044

Related Vulnerabilities

CVE-2017-9096 Vulnerability in maven package com.itextpdf:forms

CVE-2022-39386 Vulnerability in npm package @fastify/websocket

CVE-2021-44228 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2019-19466 Vulnerability in npm package sceditor

CVE-2014-3625 Vulnerability in maven package org.springframework:spring-webmvc

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Third Party Advisory