Cross-site Request Forgery (CSRF)

Affecting eslint_d package, versions <4.0.1 >=4.0.0 || <3.1.2

medium severity

Overview

eslint_d is a fast linter. Affected versions of the package are vulnerable to Cross-site Request Forgery (CSRF).

Remediation

Upgrade eslint_d to version 4.0.1 or higher.

References

Do your applications use this vulnerable package?

Credit
Andri Möll
CWE
CWE-352
Snyk ID
npm:eslint_d:20160723
Disclosed
22 Jul, 2016
Published
08 May, 2017