In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Cross-site Request Forgery (CSRF) vulnerabilities in an interactive lesson.
Start learningUpgrade csrf-csrf
to version 2.2.1 or higher.
csrf-csrf is an utility package to help implement stateless CSRF protection using the Double Submit Cookie Pattern in express.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) by using the default cookie name when none is provided, which is prefixed with Host__
instead of __Host-
.
This vulnerability can be avoided by setting cookieName
to a safe default value.