Filtered by vendor Fastify
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28482 | 1 Fastify | 1 Fastify-csrf | 2024-11-21 | 5.9 Medium |
| This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter | ||||
| CVE-2018-3711 | 1 Fastify | 1 Fastify | 2024-11-21 | 7.5 High |
| Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. | ||||