authmagic-timerange-stateless-core@0.0.3 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the authmagic-timerange-stateless-core package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Improper Authentication

authmagic-timerange-stateless-core is a

Affected versions of this package are vulnerable to Improper Authentication. The module is defined to handle authentication but does not validate the JWT token sent by the user when reissuing a new token (POST request to /token endpoint). Therefore it allows modifying payload within the token and also reissuing new token which will be signed by the system and become valid. This weakness provides an opportunity to forge the user's identity by changing the information inside the token's payload that is used to authenticate the client

How to fix Improper Authentication?

There is no fixed version for authmagic-timerange-stateless-core.

*