12 matches found
CVE-2023-29019
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. Applications using @fastify/passport in affected versions for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation...
EUVD-2023-1192
Malicious code in bioql PyPI...
CVE-2023-29020
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
Cross-site Request Forgery (CSRF)
@fastify/passport is vulnerable to Cross-site Request Forgery (CSRF). When a user logs in, the library doesn't remove the session object, keeping the csrf property intact across unauthenticated and authorized sessions. CSRF tokens created prior to authentication are therefore still valid. Thus,...
Session fixation
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. Applications using @fastify/passport in affected versions for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation...
Cross site request forgery (CSRF)
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
Session fixation in fastify-passport
Applications using @fastify/passport for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. Details: fastify applications rely on the @fastify/passport library fo...
CVE-2023-29020 Cross site request forgery token fixation in fastify-passport
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
CVE-2023-29020 Cross site request forgery token fixation in fastify-passport
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport in affected versions, can be bypassed by network and same-site attackers...
CVE-2023-29019 Session fixation in fastify-passport
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. Applications using @fastify/passport in affected versions for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation...
CVE-2023-29019 Session fixation in fastify-passport
@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. Applications using @fastify/passport in affected versions for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation...
PT-2023-22091 · Unknown · @Fastify/Passport +1
Name of the Vulnerable Software and Affected Versions: @fastify/passport versions prior to the version that regenerates sessionId upon login. Description: Applications using @fastify/passport for user authentication, in combination with @fastify/session as the underlying session management...