[tiny-csrf] tiny-csrf has openly visible CSRF tokens

Impact

Weak encryption on CSRF so tokens can be read by malicious attackers.

Patches

Problems have been patched as of v1.1.0

Workarounds

Upgrade to v1.1.0

References

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html

For more information

Submit an issue at the github repo

References

• https://github.com/valexandersaulys/tiny-csrf/security/advisories/GHSA-pj2c-h76w-vv6f
• https://github.com/valexandersaulys/tiny-csrf/commit/8eead6da3b56e290512bbe8d20c2c5df3be317ba
• https://nvd.nist.gov/vuln/detail/CVE-2022-39287
• https://github.com/advisories/GHSA-pj2c-h76w-vv6f