VYPR
Critical severity9.8NVD Advisory· Published Jul 20, 2017· Updated Jun 17, 2026

CVE-2017-9785

CVE-2017-9785

Description

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
NancyNuGet
< 1.4.41.4.4
NancyNuGet
>= 2.0.0-alpha, < 2.0.02.0.0

Affected products

6
  • Nancyfx/Nancy4 versions
    cpe:2.3:a:nancyfx:nancy:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:nancyfx:nancy:*:*:*:*:*:*:*:*range: <=1.4.3
    • cpe:2.3:a:nancyfx:nancy:2.0.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:nancyfx:nancy:2.0.0:barneyrubble:*:*:*:*:*:*
    • cpe:2.3:a:nancyfx:nancy:2.0.0:clinteastwood:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.4.4
  • Range: NancyFX Framework Up to 2.0.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.