csrf-csrf@1.0.2 vulnerabilities
A utility package to help implement stateless CSRF protection using the Double Submit Cookie Pattern in express.
-
latest version
3.0.8
-
latest non vulnerable version
-
first published
2 years ago
-
latest version published
2 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the csrf-csrf package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
csrf-csrf is an utility package to help implement stateless CSRF protection using the Double Submit Cookie Pattern in express. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) by using the default cookie name when none is provided, which is prefixed with How to fix Cross-site Request Forgery (CSRF)? Upgrade |
<2.2.1
|