CVE-2019-19723
CVE-2019-19723 has connected details: All versions of the npm package passport-cognito are vulnerable to Improper Authorization due to failure to properly scope authorization-related variables (access token, refresh token, ID token). This creates a race condition where concurrent authenticated us...