EPSS
Percentile
48.7%
tiny-csrf is vulnerable to cross-site request forgery. The vulnerability exists due tocsurf because the cookies are not encrypted which allows an attacker to gain access to the tokens and bypass CSRF checks.
csurf
github.com/advisories/GHSA-pj2c-h76w-vv6f
github.com/valexandersaulys/tiny-csrf/commit/8eead6da3b56e290512bbe8d20c2c5df3be317ba
github.com/valexandersaulys/tiny-csrf/security/advisories/GHSA-pj2c-h76w-vv6f