Sign in Subscribe

← All advisories

Critical severity9.8NVD Advisory· Published Jul 20, 2017· Updated May 13, 2026

CVE-2017-9785

CVE-2017-9785

Description

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
NancyNuGet	< 1.4.4	1.4.4
NancyNuGet	>= 2.0.0-alpha, < 2.0.0	2.0.0

Affected products

5

Nancyfx/Nancyfx Framework Up To 2.0.0v5
Range: NancyFX Framework Up to 2.0.0
Nancyfx/Nancy4 versions
cpe:2.3:a:nancyfx:nancy:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:nancyfx:nancy:*:*:*:*:*:*:*:*range: <=1.4.3
- cpe:2.3:a:nancyfx:nancy:2.0.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:nancyfx:nancy:2.0.0:barneyrubble:*:*:*:*:*:*
- cpe:2.3:a:nancyfx:nancy:2.0.0:clinteastwood:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

github.com/NancyFx/Nancy/releases/tag/v1.4.4nvdRelease NotesThird Party AdvisoryWEB
github.com/advisories/GHSA-mx3q-j2g2-5qxqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-9785ghsaADVISORY

News mentions

0

No linked articles in our index yet.