Back to bug 2159502
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Zack Miele | 2023-01-09 19:48:34 UTC | Summary | CVE-2022-41919 fastify: CSRF | CVE-2022-41919 fastify: CSRF |
| RaTasha Tillery-Smith | 2023-01-10 13:49:47 UTC | Doc Text | A CSRF vulnerability was discovered in fastify due to the improper handing of incorrect Content-Types. An attacker could use an incorrect 'Content-Type' to bypass checks to allow fetch() requests that could potentially be used to invoke routes that only accept `application/json` content type and bypass any CORS protection. | A Cross-site request forgery (CSRF) vulnerability was found in fastify due to improper handling of incorrect Content-Types. This flaw allows an attacker to use an incorrect 'Content-Type' to bypass checks to allow fetch() requests that could be used to invoke routes that only accept `application/json` content type and bypass any CORS protection. |
| Red Hat Bugzilla | 2023-07-07 08:28:36 UTC | Assignee | security-response-team | nobody |