Description
Weak encryption on CSRF so tokens can be read by malicious attackers.
Recommendation
Update the tiny-csrf package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.1.0
- Patched version(s): 1.1.0
References
Related Issues
- Sudden swap of user auth tokens in Volto - CVE-2022-24740
- React Router has CSRF issue in Action/Server Action Request Processing - CVE-2026-22030
- isolated-vm has vulnerable CachedDataOptions in API - CVE-2022-39266
- SvelteKit framework has Insufficient CSRF protection for CORS requests - CVE-2023-29008
- Tags:
- npm
- tiny-csrf
Anything's wrong? Let us know Last updated on February 01, 2023