    Severity: moderate

    cookie tossing attack

    fastify-csrf

    Overview

    Affected are users of fastify-csrf who use the "double submit" mechanism with cookies in an application deployed across multiple subdomains, e.g. on a "heroku"-style platform as a service.
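
The check at issue, as an added example (not fastify-csrf's code and not the 3.1.0 change): a plain double-submit comparison accepts any cookie and token that match, including a cookie written for the parent domain by a sibling subdomain, while a token bound by HMAC to a server secret and the user's session is rejected unless the server issued it. `SERVER_SECRET`, `sessionId` and every function name here are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed secret for this example; a real deployment loads it from configuration.
const SERVER_SECRET = crypto.randomBytes(32);

// Plain double submit: passes whenever the cookie equals the submitted token.
// Nothing ties the value to the server or the user, so a cookie planted from
// a sibling subdomain together with the same value in the request body passes.
function naiveDoubleSubmit(cookieToken, submittedToken) {
  return typeof cookieToken === 'string' && cookieToken.length > 0 &&
    cookieToken === submittedToken;
}

// HMAC over a length-prefixed session id and a nonce, keyed with the server secret.
function mac(sessionId, nonce) {
  return crypto.createHmac('sha256', SERVER_SECRET)
    .update(`${sessionId.length}:${sessionId}:${nonce}`)
    .digest('hex');
}

// Token format (hypothetical): "<nonce>.<hex HMAC>".
function issueToken(sessionId) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return `${nonce}.${mac(sessionId, nonce)}`;
}

// Signed double submit: cookie and token must match AND carry a valid MAC
// for this session, so a value the server never issued is rejected.
function signedDoubleSubmit(sessionId, cookieToken, submittedToken) {
  if (typeof cookieToken !== 'string' || cookieToken !== submittedToken) return false;
  const parts = cookieToken.split('.');
  if (parts.length !== 2) return false;
  const expected = Buffer.from(mac(sessionId, parts[0]), 'hex');
  const given = Buffer.from(parts[1], 'hex'); // invalid hex yields a short buffer
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```
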

    Remediation

    Upgrade to version 3.1.0 or later


    Advisory timeline

    1. published

      Advisory Published
      May 17th, 2021
    2. reported

      Reported by Anonymous
      May 17th, 2021