Описание
Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued Content-Type headers. This issue has been patched in version 1.19.0.
EPSS
Процентиль: 0%
0.00006
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.9
debian
4 дня назад
Qwik is a performance focused javascript framework. Prior to version 1 ...
CVSS3: 5.9
github
4 дня назад
Qwik City has a CSRF Protection Bypass via Content-Type Header Validation
EPSS
Процентиль: 0%
0.00006
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-352