This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2021-01-19T14:50:18.191366Z
Updated: 2024-09-16T19:05:34.497Z
Reserved: 2020-11-12T00:00:00
Link: CVE-2020-28482
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-01-19T15:15:12.153
Modified: 2024-11-21T05:22:53.097
Link: CVE-2020-28482
Redhat
No data.