How severe is CVE-2021-29624?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-29624?

This is classified as CWE-565, which is a common weakness in software security.

CVE-2021-29624 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Version 3.1.0 of the fastify-csrf fixes it. the vulnerability. The user of the module would need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains.

Related Vulnerabilities

CVE-2020-26955

MEDIUM

CVSS:6.5(Medium)

When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original ...

CWE-5652020

CVE-2022-1148

MEDIUM

CVSS:6.5(Medium)

Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's...

CWE-5652022

CVE-2022-2615

MEDIUM

CVSS:6.5(Medium)

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-5652022

CVE-2017-8034

MEDIUM

CVSS:6.6(Medium)

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer...

CWE-5652017

CVE-2020-15128

MEDIUM

CVSS:6.3(Medium)

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other the...

CWE-5652020

CVE-2021-3818

MEDIUM

CVSS:6.3(Medium)

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking

CWE-5652021