17 matches found
CVE-2021-41246
Express OpenID Connect is Express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including 2.5.1 do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation...
EUVD-2021-2474
Malware in sbrugna...
CVE-2022-24794
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...
CVE-2022-24794
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...
CVE-2022-24794
Express OpenID Connect (express-openid-connect) CVE-2022-24794 describes an Open Redirect vulnerability when requiresAuth is applied on a catch-all route. Affected versions are prior to 2.7.2. The issue arises because the original URL reported by the Express framework is not properly sanitized, a...
CVE-2022-24794 Open Redirect in express-openid-connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...
CVE-2022-24794 Open Redirect in express-openid-connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...
GHSA-7P99-3798-F85C URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
Impact Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under example.com are protected with the requiresAuth middleware, a visit to...
@afiether/gateware-kit (>=1.0.0 <=1.2.18), @afiether/kit (>=1.0.0 <=1.2.17) +42 more potentially affected by CVE-2022-24794 via express-openid-connect (>=0.5.0 <=2.20.2)
express-openid-connect NPM version =0.5.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.0.0, =1.1.6, =1.2.9 and more Source cves: CVE-2022-24794 Source advisory: OSV:GHSA-7P99-3798-F85C...
Session fixation in express-openid-connect
Overview Versions 2.3.0 up to and including 2.5.1 do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation vulnerabilities. Am I affected? You are affected by this vulnerability if you are using express-openid-connec...
GHSA-7RG2-QXMF-HHX9 Session fixation in express-openid-connect
Overview Versions 2.3.0 up to and including 2.5.1 do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation vulnerabilities. Am I affected? You are affected by this vulnerability if you are using express-openid-connec...
CVE-2021-41246
Express OpenID Connect is Express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including 2.5.1 do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation...
CVE-2021-41246
Express OpenID Connect is Express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including 2.5.1 do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation...
Session fixation
Express OpenID Connect is Express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including 2.5.1 do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation...
CVE-2021-41246 Session fixation in express-openid-connect
Express OpenID Connect is Express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including 2.5.1 do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation...
CVE-2021-41246
Express OpenID Connect middleware for Express.js is affected. Versions up to and including 2.5.1 do not regenerate the session id and session cookie on login, enabling session-fixation risks. A patch exists in version 2.5.2, which fixes the issue. Several sources corroborate this behavior and pat...
Auth0 Express OpenId Connect Authorization Issue Vulnerability
Auth0 Express OpenId Connect is an open source Express.js middleware from Auth0 Inc. used to protect OpenID Connect web applications. Auth0 Express OpenID Connect has an authorization issue vulnerability that stems from not regenerating the session ID and session cookie when a user log...