In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.

References
https://nvd.nist.gov/vuln/detail/CVE-2021-28490
https://github.com/reidmefirst/vuln-disclosure/blob/main/2021-01.txt
https://owasp.org/www-project-csrfguard/
https://github.com/advisories/GHSA-jx66-5ww9-m6q4