CVE-2017-9785
moderate-risk
Published 2017-07-20
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.
Do I need to act?
~
2.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: b826aaf6c00b51804c0de9542c1f7c13a3ef2604
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (4)
Nancy
Nancy
Nancy
Nancy
Affected Vendors
References (2)
Release Notes
https://github.com/NancyFx/Nancy/releases/tag/v1.4.4
Release Notes
https://github.com/NancyFx/Nancy/releases/tag/v1.4.4
47
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
5/34 · Minimal
Exposure
10/34 · Low