VYPR

npm package

tiny-csrf

pkg:npm/tiny-csrf

Vulnerabilities (1)

  • CVE-2022-39287Oct 7, 2022
    affected < 1.1.0fixed 1.1.0

    tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version 1.