Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests
Vulnerability Description
RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because browsers send SameSite=Lax cookies on top-level GET requests. This affected all server functions -- both serverAction() handlers and bare exported functions in "use server" files. This vulnerability is fixed in 1.0.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
RedwoodSDK 跨站请求伪造漏洞
Vulnerability Description
RedwoodSDK是RedwoodJS开源的一个基于React的服务器优先Web应用框架。 RedwoodSDK 1.0.0-beta.50至1.0.5版本存在跨站请求伪造漏洞,该漏洞源于服务器函数可通过GET请求调用,可能导致跨站点GET导航触发状态更改函数。
CVSS Information
N/A
Vulnerability Type
N/A