← back
CVE-2017-16570

CVE-2017-16570

EPSS 2.2%
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43922/unverifiedexploitdbwww.exploit-db.com/exploits/43922unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/https://github.com/keystonejs/keystone/issues/4437https://github.com/keystonejs/keystone/pull/4478https://www.exploit-db.com/exploits/43922/