CVE-2024-35220 – @fastify/session reuses destroyed session cookie
https://notcve.org/view.php?id=CVE-2024-35220
@fastify/session is a session plugin for Fastify that requires the @fastify/cookie plugin. When a session is restored from the session store, the cookie's `expires` field is overridden if the `maxAge` field was set. As a result, a cookie is never correctly detected as expired, so expired sessions are not destroyed. This vulnerability has been patched in version 10.8.0.
• https://github.com/fastify/session/commit/0495ce5b534c4550f25228821db8098293439f2f https://github.com/fastify/session/issues/251 https://github.com/fastify/session/security/advisories/GHSA-pj27-2xvp-4qxg
• CWE-613: Insufficient Session Expiration
CVE-2024-31999 – @fastify/secure-session: Reuse of destroyed secure session cookie
https://notcve.org/view.php?id=CVE-2024-31999
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of request handling, it encrypts all data in the session with a secret key and attaches the ciphertext as the value of a cookie with the configured cookie name; the server-side session is then destroyed. When an encrypted cookie with the matching session name is provided on a subsequent request, the plugin decrypts the ciphertext to recover the data and creates a new session from it.
• https://github.com/fastify/fastify-secure-session/commit/56d66642ecc633cff0606927601e81cdac361370 https://github.com/fastify/fastify-secure-session/security/advisories/GHSA-9wwp-q7wq-jx35
• CWE-613: Insufficient Session Expiration
CVE-2023-27495 – Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection
https://notcve.org/view.php?id=CVE-2023-27495
@fastify/csrf-protection is a plugin that helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed by network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the user. This parameter was introduced to prevent cookie-tossing attacks as the fix for CVE-2021-29624. Whenever the userInfo parameter is missing, or its value can be predicted for the target user account, network and same-site attackers can 1. fixate a _csrf cookie in the victim's browser, and 2. forge CSRF tokens that are valid for the victim's session.
• https://github.com/fastify/csrf-protection/commit/be3e5761f37aa05c7c1ac8ed44499c51ecec8058 https://github.com/fastify/csrf-protection/security/advisories/GHSA-qrgf-9gpc-vrxw https://www.cvedetails.com/cve/CVE-2021-29624
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-29624 – Lack of protection against cookie tossing attacks in fastify-csrf
https://notcve.org/view.php?id=CVE-2021-29624
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 lack protection against cookie tossing when the "double submit" cookie mechanism is used with an application deployed across multiple subdomains, e.g. a "heroku"-style platform as a service. Version 3.1.0 of fastify-csrf fixes the vulnerability. The user of the module would need to supply a `userInfo` value when generating the CSRF token to fully implement the protection on their end.
• https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html https://github.com/fastify/csrf/pull/2 https://github.com/fastify/fastify-csrf/pull/51 https://github.com/fastify/fastify-csrf/releases/tag/v3.1.0 https://github.com/fastify/fastify-csrf/security/advisories/GHSA-rc4q-9m69-gqp8 https://owasp.org/www-pdf-archive/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf
• CWE-352: Cross-Site Request Forgery (CSRF) CWE-565: Reliance on Cookies without Validation and Integrity Checking
CVE-2020-28482 – Cross-site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2020-28482
This affects the package fastify-csrf before 3.0.0.
1. The generated cookie used insecure defaults and did not have the httpOnly flag set: cookieOpts: { path: '/', sameSite: true }
2. The CSRF token was available in the GET query parameter.
• https://github.com/fastify/fastify-csrf/pull/26 https://snyk.io/vuln/SNYK-JS-FASTIFYCSRF-1062044
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource