Количество 3
Количество 3
CVE-2026-25151
Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued Content-Type headers. This issue has been patched in version 1.19.0.
CVE-2026-25151
Qwik is a performance focused javascript framework. Prior to version 1 ...
GHSA-r666-8gjf-4v5f
Qwik City has a CSRF Protection Bypass via Content-Type Header Validation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-25151 Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued Content-Type headers. This issue has been patched in version 1.19.0. | CVSS3: 5.9 | 0% Низкий | 5 дней назад |
| CVE-2026-25151 Qwik is a performance focused javascript framework. Prior to version 1 ... | CVSS3: 5.9 | 0% Низкий | 5 дней назад |
| GHSA-r666-8gjf-4v5f Qwik City has a CSRF Protection Bypass via Content-Type Header Validation | CVSS3: 5.9 | 0% Низкий | 5 дней назад |
Уязвимостей на страницу