CVE-2017-9785

CRITICAL

NancyFX <1.4.4, <2.0 - Deserialization

Title source: llm

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.

CVSS v3 9.8

EPSS 0.0247

EPSS Percentile 85.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-502

Status draft

nancyfx/nancy < 1.4.3

nancyfx/nancy

nuget/Nancy < 1.4.4NuGet

Published Jul 20, 2017

Tracked Since Feb 18, 2026