
We found results for “”
WS-2023-0233
Good to know:

Date: August 19, 2025
Vendure is an e-commerce GraphQL framework with a number of APIs and different levels of authorization. By default the Cookie settings are insecure, having the SameSite setting as false which results in not having one (originates from the cookie session npm package’s default settings). This affects all versions prior to 2.0.3.
Language: TYPE_SCRIPT
Severity Score
Related Resources (4)
Severity Score
Weakness Type (CWE)
Cross-Site Request Forgery (CSRF)
CWE-352CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |