CVE-2016-7191
CVE-2016-7191 affects the Node.js Passport-Azure-AD library: versions 1.x before 1.4.6 and 2.x before 2.0.1 fail to recognize the validateIssuer setting, enabling authentication bypass with a crafted token. Affected products include passport-azure-ad for Node.js; exploitation could bypass Azure A...