Homepage About Snyk

Deserialization of Untrusted Data Affecting nancy Open this link in a new tab package, versions [,1.4.4)

0.0
critical

  • Attack Complexity

    Low

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

  • snyk-id

    SNYK-DOTNET-NANCY-72545

  • published

    30 Oct 2018

  • disclosed

    20 Jul 2017

  • credit

    Unknown

Report a new vulnerability Found a mistake?

Introduced: 20 Jul 2017

CVE-2017-9785 Open this link in a new tab
CWE-352 Open this link in a new tab

Overview

nancy is a lightweight web framework for the .Net platform, inspired by Sinatra.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the CSRF cookie handling.

Remediation

Upgrade nancy to version 1.4.4 or higher.