2 matches found
CVE-2023-29019 Session fixation in fastify-passport
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using @fastify/passport in affected versions for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation...
CVE-2023-29019
The CVE-2023-29019 issue affects the @fastify/passport package used with @fastify/session. The login flow preserves the sessionId between pre-login and authenticated sessions due to the authenticate function, enabling session fixation by network or same-site attackers who can supply a valid sessi...