Passport vulnerable to session regeneration when a users logs in or out
Moderate severity
GitHub Reviewed
Published
Jul 2, 2022
to the GitHub Advisory Database
•
Updated Sep 11, 2023
Description
Published by the National Vulnerability Database
Jul 1, 2022
Published to the GitHub Advisory Database
Jul 2, 2022
Reviewed
Jul 6, 2022
Last updated
Sep 11, 2023
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
References