2 matches found
CVE-2021-41246
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including 2.5.1 do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation...
CVE-2021-41246
Express OpenID Connect middleware for Express.js is affected. Versions up to and including 2.5.1 do not regenerate the session id and session cookie on login, enabling session-fixation risks. A patch exists in version 2.5.2, which fixes the issue. Several sources corroborate this behavior and pat...