@fastify/secure-session@4.0.0 vulnerabilities
Create a secure stateless cookie session for Fastify
-
latest version
8.1.0
-
latest non vulnerable version
-
first published
3 years ago
-
latest version published
2 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @fastify/secure-session package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@fastify/secure-session is a Create a secure stateless cookie session for Fastify Affected versions of this package are vulnerable to Insufficient Session Expiration due to the session removal process. Specifically, in the delete function, when a session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could continue using it indefinitely. How to fix Insufficient Session Expiration? Upgrade |
<7.3.0
|