Fastify - Fastify-csrf CVE

Filtered by vendor Fastify Subscribe

Filtered by product Fastify-csrf

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-28482	1 Fastify	1 Fastify-csrf	2021-01-27	6.8 MEDIUM	8.8 HIGH
This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter

Vulnerabilities (CVE)