github.com/heroiclabs/nakama is vulnerable to insecure session handling. The vulnerability exists because session tokens are not properly validated after logout, which allows an attacker to authenticate to the application by sending requests with old tokens.
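An added illustration of the flaw class described above (example code, not Nakama's implementation or its fix): a check that verifies only signature and expiry keeps accepting a token after logout, while a server-side revocation set refuses it. All names, the token layout and the key are constructed for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
)

var demoKey = []byte("constructed-demo-key") // constructed value, not a real secret
type Revoked map[string]bool                 // IDs of tokens logged out before expiry (not goroutine-safe)

func mac(p string) string {
	h := hmac.New(sha256.New, demoKey)
	h.Write([]byte(p))
	return fmt.Sprintf("%x", h.Sum(nil))
}

func Issue(id string, exp int64) string {
	p := fmt.Sprintf("%s.%d", id, exp) // token layout: id.expiryUnix.mac (id must not contain a dot)
	return p + "." + mac(p)
}

// CheckStateless verifies signature and expiry only, so logout cannot affect it.
func CheckStateless(tok string, now int64) (string, bool) {
	f := strings.Split(tok, ".")
	if len(f) != 3 || !hmac.Equal([]byte(mac(f[0]+"."+f[1])), []byte(f[2])) {
		return "", false
	}
	exp, err := strconv.ParseInt(f[1], 10, 64)
	return f[0], err == nil && now < exp
}

// Logout records the token ID server-side; Check then refuses that token.
func (r Revoked) Logout(tok string, now int64) {
	if id, ok := CheckStateless(tok, now); ok {
		r[id] = true
	}
}
func (r Revoked) Check(tok string, now int64) bool {
	id, ok := CheckStateless(tok, now)
	return ok && !r[id]
}

func main() {
	r, tok := Revoked{}, Issue("sess-1", 1700003600) // constructed ID and expiry
	r.Logout(tok, 1700000000)
	fmt.Println(r.Check(tok, 1700000000)) // logged-out token is refused
}
```

Revoked entries only need to be kept until the token's own expiry time passes, so the set stays bounded by the token lifetime.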
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/heroiclabs/nakama | le | v3.12.0 |
github.com/advisories/GHSA-xv59-gc3r-rf92
github.com/heroiclabs/nakama/blob/master/console/ui/src/app/authentication.service.ts#L82-L86
github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166
github.com/heroiclabs/nakama/pull/875
huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796