Passport vulnerable to session regeneration when a users logs in or out
- Severity:
- Medium
Description
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
Recommendation
Update the passport package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.6.0
- Patched version(s): 0.6.0
References
Related Issues
- jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label - CVE-2022-31160
- Svelte vulnerable to XSS when using objects during server-side rendering - CVE-2022-25875
- `undici.request` vulnerable to SSRF using absolute URL on `pathname` - CVE-2022-35949
- uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF) (GHSA-x8rq-rc7x-5fg5) - CVE-2022-0086
- Tags:
- npm
- passport
Anything's wrong? Let us know Last updated on September 11, 2023