MEDIUM 4.8
GHSA-v923-w3x8-wh69
Passport vulnerable to session regeneration when a users logs in or out
Details
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-25896 [ADVISORY]
- https://github.com/jaredhanson/passport/pull/900 [WEB]
- https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608 [WEB]
- https://github.com/jaredhanson/passport [PACKAGE]
- https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631 [WEB]