CVE-2021-29624

Name of the Vulnerable Software and Affected Versions fastify-csrf versions prior to 3.1.0

Description The issue affects applications using the fastify-csrf plugin with the "double submit" mechanism, particularly those deployed across multiple subdomains. To fully implement protection, users of the module must supply a userInfo when generating the CSRF token, which is necessary for applications hosted on different subdomains.

Recommendations For versions prior to 3.1.0, update to version 3.1.0 to fix the issue. As a temporary workaround, consider supplying a userInfo when generating the CSRF token to enhance protection, especially for applications hosted on different subdomains.