Remote Code Execution via Deserialization of JSON data in CSRF Cookie in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse

Remote Code Execution via Deserialization of JSON data in CSRF Cookie in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse

CVE-2017-9785 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.

Learn more about our Web Application Penetration Testing UK.