Security Advisory

CVE-2020-28482

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-19 14:50:18

Last updated 2024-09-16 19:05:34

Assigner snyk

State PUBLISHED

Description

This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: /, sameSite: true } 2. The CSRF token was available in the GET query parameter

← Browse all CVEs View on cve.org ↗