2 matches found
CVE-2026-27193 Feathers exposes internal headers via unencrypted session cookie
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth servi...
@vevedh/bke-dsi-cacem (>=2.0.4 <=4.0.1), @xrengine/analytics (>=0.5.0 <=0.5.8) +2 more potentially affected by CVE-2026-27193 via @feathersjs/authentication-oauth (>=5.0.0-pre.10 <=5.0.12)
@feathersjs/authentication-oauth; NPM version: =5.0.0-pre.10, =2.0.4, =0.5.0, =0.5.4, =0.0.1, =2.0.4; Source CVEs: CVE-2026-27193; Source advisory: SNYK:JS-FEATHERSJSAUTHENTICATIONOAUTH-15325870...