CVE-2023-42446 Pow Mnesia cache doesn't invalidate all expired keys on startup

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

Insufficient Session Expiration in @cyyynthia/tokenize

Impact A bug introduced in version 1.1.0 made Tokenize generate faulty tokens with NaN as a generation date. As a result, tokens would not properly expire and remain valid regardless of the lastTokenReset field. Patches Version 1.1.3 contains a patch that'll invalidate these faulty tokens and mak...