Wiz
Vulnerability DatabaseCVE-2022-3978

CVE-2022-3978
JavaScript vulnerability analysis and mitigation

Overview

A vulnerability was discovered in NodeBB up to version 2.5.7 affecting the /register/abort functionality. The issue was identified and disclosed on November 9, 2022, and was related to missing CSRF token validation in the registration abort process (NodeBB Issue).

Technical details

The vulnerability stemmed from the /register/abort endpoint not checking for CSRF tokens in the authentication process. The affected code was located in NodeBB's authentication routes, specifically in src/routes/authentication.js. While the impact was limited and required local machine access, it represented a deviation from security best practices (NodeBB Issue).

Impact

The vulnerability's impact was relatively limited, as it could only prevent users from completing the registration process and required local access to the machine to exploit. It was not classified as a critical security vulnerability but rather as a best-practice issue (NodeBB Issue).

Mitigation and workarounds

The vulnerability was fixed in NodeBB version 2.5.8, released on November 9, 2022. The fix involved adding CSRF token validation to the /register/abort endpoint and updating the corresponding theme templates to pass the CSRF token correctly (NodeBB Release).

Additional resources

SourceThis report was generated using AI

Related JavaScript vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-67731HIGH8.7
  • JavaScriptJavaScript
  • servify-express
NoYesDec 12, 2025
CVE-2025-67718HIGH8.7
  • JavaScriptJavaScript
  • formio
NoYesDec 11, 2025
CVE-2025-65513HIGH7.5
  • JavaScriptJavaScript
  • mcp-fetch-server
NoNoDec 09, 2025
CVE-2025-67716MEDIUM5.7
  • JavaScriptJavaScript
  • @auth0/nextjs-auth0
NoYesDec 11, 2025
CVE-2025-67490MEDIUM5.4
  • JavaScriptJavaScript
  • @auth0/nextjs-auth0
NoYesDec 10, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo