EPSS
Percentile
43.3%
vantage6 is vulnerable to Insufficient Session Expiration. An attacker is able to reuse old session credentials or session IDs for authorization because the refresh token is indefinitely valid.
github.com/advisories/GHSA-4w59-c3gc-rrhp
github.com/vantage6/vantage6/commit/48ebfca42359e9a6743e9598684585e2522cdce8
github.com/vantage6/vantage6/pull/562
github.com/vantage6/vantage6/security/advisories/GHSA-4w59-c3gc-rrhp