Описание
Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued Content-Type headers. This issue has been patched in version 1.19.0.
Уязвимые конфигурации
Конфигурация 1Версия до 1.19.0 (исключая)
cpe:2.3:a:qwik:qwik:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 1%
0.00007
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.9
debian
около 2 месяцев назад
Qwik is a performance focused javascript framework. Prior to version 1 ...
CVSS3: 5.9
github
около 2 месяцев назад
Qwik City has a CSRF Protection Bypass via Content-Type Header Validation
EPSS
Процентиль: 1%
0.00007
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-352