High severity 8.8 · NVD Advisory · Published Aug 19, 2021 · Updated Jun 17, 2026
CVE-2021-28490
Description
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.owasp:csrfguard (Maven) | < 4.0.0 | 4.0.0 |
Affected products
- OWASP/CSRFGuard (description)
References
- github.com/advisories/GHSA-jx66-5ww9-m6q4 (ghsa; Advisory)
- github.com/reidmefirst/vuln-disclosure/blob/main/2021-01.txt (nvd; Third Party Advisory, Web)
- nvd.nist.gov/vuln/detail/CVE-2021-28490 (ghsa; Advisory)
- owasp.org/www-project-csrfguard (ghsa; Web)
- owasp.org/www-project-csrfguard/ (nvd; Product)