Vulnerabilities

 1 via 1 paths

Dependencies

 132

Source

 GitHub

Commit

 83e0c791

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Session Fixation

  • Vulnerable module: passport
  • Introduced through: passport@0.4.1

Detailed paths

  • Introduced through: pitch-finder@seanjmurray/pitch-finder#83e0c79116ee7aa3d7c0286d542e8192368c3e81 passport@0.4.1
    Remediation: Upgrade to passport@0.6.0.

Overview

passport is a Simple, unobtrusive authentication for Node.js.

Affected versions of this package are vulnerable to Session Fixation. When a user logs in or logs out, the session is regenerated instead of being closed.

Remediation

Upgrade passport to version 0.6.0 or higher.

References

Session Fixation vulnerability report