Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2020-28482: This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: `cookieOpts: { path: '/', sameSite: true }` 2. The CSRF token was available in the GET query parameter | CVSS3: 5.9 | 0% Low | about 5 years ago |
| GHSA-49wp-qq6x-g2rf: Cross-site Request Forgery in fastify-csrf | CVSS3: 8.8 | 0% Low | about 5 years ago |