Homepage
About Snyk

authmagic-timerange-stateless-core@0.0.13 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the authmagic-timerange-stateless-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Authentication

authmagic-timerange-stateless-core is a

Affected versions of this package are vulnerable to Improper Authentication. The module is defined to handle authentication but does not validate the JWT token sent by the user when reissuing a new token (POST request to /token endpoint). Therefore it allows modifying payload within the token and also reissuing new token which will be signed by the system and become valid. This weakness provides an opportunity to forge the user's identity by changing the information inside the token's payload that is used to authenticate the client

How to fix Improper Authentication?

There is no fixed version for authmagic-timerange-stateless-core.

*
Go back to all versions of this package