@perfood/couch-auth 0.26.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @perfood/couch-auth package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H HTTP Header Injection @perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript. Affected versions of this package are vulnerable to HTTP Header Injection via the `mailer` component. An attacker can gain unauthorized access to reset tokens and take over user accounts by spoofing the HTTP Host header. How to fix HTTP Header Injection? There is no fixed version for `@perfood/couch-auth`.	*
M Timing Attack @perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript. Affected versions of this package are vulnerable to Timing Attack via a timing side-channel in the `authentication` process. An attacker can obtain sensitive information by measuring response times during authentication attempts. How to fix Timing Attack? There is no fixed version for `@perfood/couch-auth`.	*
M Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') @perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the email change confirmation request. An attacker can run limited commands or leak server-side information by sending a specially crafted host header. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? There is no fixed version for `@perfood/couch-auth`.	*

Vulnerability

Vulnerable Version

HTTP Header Injection

@perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript.

Affected versions of this package are vulnerable to HTTP Header Injection via the mailer component. An attacker can gain unauthorized access to reset tokens and take over user accounts by spoofing the HTTP Host header.

How to fix HTTP Header Injection?

There is no fixed version for @perfood/couch-auth.

Timing Attack

@perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript.

Affected versions of this package are vulnerable to Timing Attack via a timing side-channel in the authentication process. An attacker can obtain sensitive information by measuring response times during authentication attempts.

How to fix Timing Attack?

There is no fixed version for @perfood/couch-auth.

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

@perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the email change confirmation request. An attacker can run limited commands or leak server-side information by sending a specially crafted host header.

How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')?

There is no fixed version for @perfood/couch-auth.

@perfood/couch-auth@0.26.0 vulnerabilities

Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically