Vulnerability	Vulnerable Version
M Cross-site Request Forgery (CSRF) rwsdk is a Build fast, server-driven webapps on Cloudflare with SSR, RSC, and realtime Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the `serverAction` process. An attacker can trigger unauthorized state changes or actions by inducing an authenticated user's browser to send crafted requests from a same-site origin. This is only exploitable if the application uses server actions in combination with cookie-based authentication and the attacker controls a same-site origin as defined by browser policies. How to fix Cross-site Request Forgery (CSRF)? Upgrade `rwsdk` to version 1.2.3 or higher.	>=1.0.0-beta.50 <1.2.3
H Cross-site Request Forgery (CSRF) rwsdk is a Build fast, server-driven webapps on Cloudflare with SSR, RSC, and realtime Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the `server function dispatch` process. An attacker can cause unauthorized state-changing operations by tricking a user with an active session into visiting a crafted URL that triggers server-side actions with the user's credentials. How to fix Cross-site Request Forgery (CSRF)? Upgrade `rwsdk` to version 1.0.6 or higher.	>=1.0.0-beta.50 <1.0.6

Cross-site Request Forgery (CSRF)

rwsdk is a Build fast, server-driven webapps on Cloudflare with SSR, RSC, and realtime

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the serverAction process. An attacker can trigger unauthorized state changes or actions by inducing an authenticated user's browser to send crafted requests from a same-site origin. This is only exploitable if the application uses server actions in combination with cookie-based authentication and the attacker controls a same-site origin as defined by browser policies.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade rwsdk to version 1.2.3 or higher.

>=1.0.0-beta.50 <1.2.3

Cross-site Request Forgery (CSRF)

rwsdk is a Build fast, server-driven webapps on Cloudflare with SSR, RSC, and realtime

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the server function dispatch process. An attacker can cause unauthorized state-changing operations by tricking a user with an active session into visiting a crafted URL that triggers server-side actions with the user's credentials.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade rwsdk to version 1.0.6 or higher.

>=1.0.0-beta.50 <1.0.6

Go back to all versions of this package