Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nancy | Nancyfx | * | 1.4.3 (including) |
| Nancy | Nancyfx | 2.0.0-alpha (including) | 2.0.0-alpha (including) |
| Nancy | Nancyfx | 2.0.0-barneyrubble (including) | 2.0.0-barneyrubble (including) |
| Nancy | Nancyfx | 2.0.0-clinteastwood (including) | 2.0.0-clinteastwood (including) |