tiny-csrf@1.0.3 vulnerabilities

Tiny CSRF library for use with ExpressJS

Direct Vulnerabilities

Known vulnerabilities in the tiny-csrf package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Cross-site Request Forgery (CSRF)
Severity: H

tiny-csrf is a tiny CSRF library meant to replace csurf.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in index.js, due to weak encryption of CSRF tokens.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade tiny-csrf to version 1.1.0 or higher.

Vulnerable versions: <1.1.0