EPSS
Percentile
80.2%
nancy is vulnerable to remote code execution (RCE). ObjectSerializer does not properly validate JSON data when handling CSRF cookies, allowing an attacker to inject a malicious JSON object through a CSRF Cookie.
ObjectSerializer
github.com/NancyFx/Nancy/commit/292185a00841acfc115d82c70c95a8df6f5a3d4c
github.com/NancyFx/Nancy/releases/tag/v1.4.4